Linux Today: Linux News On Internet Time.

User management with SSSD on shared Ubuntu Lucid laptops

Mar 31, 2010, 12:03 (0 Talkback[s])
(Other stories by Juha Erkkilä)

[ Thanks to Veli-Matti Lintu for this link. ]

"A few months ago we had a blog entry about shared and personal laptops in schools. The goal of shared laptops is basically that they should behave mostly like shared thin clients: it should not matter which a computer any user chooses to work with. He should simply be able to pick any machine, login and get his own personal desktop environment, with his own documents and, for example, web browser bookmarks.

"The problem of an accessible home directory could perhaps be solved satisfactorily with network filesystems such as NFSv4 or AFS, or alternatively with a synchronisation tool such as unison. But even a more essential problem is user management. How is it decided who may login into a laptop, and how is she authenticated and her user information (such as her name, but possibly other information) transmitted to the laptop?

"With centralized directory services containing user information, such as NIS or LDAP, one way of solving the problem could be to replicate all data to laptops. We could run an LDAP slave server on every laptop, but that would not be very secure in case we stored the (hashed) password data in LDAP, because all the password hashes of all users would thus exists on every laptop. The LDAP slave servers would also need a relatively unrestricted access to the master LDAP server, to synchronise their contents. We have not tried to do this with laptops in Opinsys, and probably never will."

Complete Story

Related Stories: