[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Edu - some ideas for the future versions

This is a copy of the blog post I just published on my blog[1], also
available via <URL:http://planet.skolelinux.org/> and other locations.
Posting it here too, to make it easier to debate it on the list.


Debian Edu - some ideas for the future versions
11th June 2012

During my work on [2]Debian Edu based on Squeeze, I came across some
issues that should be addressed in the Wheezy release. I finally found
time to wrap up my notes and provide quick summary of what I found,
with a bit explanation.

  * We need to rewrite our package installation framework, as tasksel
    changed from using tasksel tasks to using meta packages (aka
    packages with dependencies like our education-* packages), and our
    installation system depend on tasksel tasks in
    /usr/share/tasksel/debian-edu-tasks.desc for package installation.
  * Enable Kerberos login for more services. Now with the Kerberos
    foundation in place, we should use it to get single sign on with
    more services, and avoiding unneeded password / login questions. We
    should at least try to enable it for these services:
       + CUPS for admins to add/configure printers and users when using
         quotas.
       + Nagios for admins checking the system status.
       + GOsa for admins updating LDAP and users changing their
         passwords.
       + LDAP for admins updating LDAP.
       + Squid for users when exam mode / filtering is active.
       + ssh for admins and users to save a password prompt.
  * When we move GOsa to use Kerberos instead of LDAP bind to
    authenticate users, we should try to block or at least limit access
    to use LDAP bind for authentication, to ensure Kerberos is used
    when it is intended, and nothing fall back to using the less safe
    LDAP bind
  * Merge debian-edu-config and debian-edu-install. The split made
    sense when d-e-install did a lot more, but these days it is just an
    inconvenience when we update the debconf preseeding values.
  * Fix partman-auto to allow us to abort the installation before
    touching the disk if the disk is too small. This is [3]BTS report
    #653305 and the d-i developers are fine with the patch and someone
    just need to apply it and upload. After this is done we need to
    adjust debian-edu-install to use this new hook.
  * Adjust to new LTSP framework (boot time config instead of install
    time config). LTSP changed its design, and our hooks to install
    packages and update the configuration is most likely not going to
    work in Wheezy.
  * Consider switching to NBD instead of NFS for LTSP root, to allow
    the Kernel to cache files in its normal file cache, possibly
    speeding up KDE login on slow networks.
  * Make it possible to create expired user passwords that need to
    change on first login. This is useful when handing out password on
    paper, to make sure only the user know the password. This require
    fixes to the PAM handling of kdm and gdm.
  * Make GUI for adding new machines automatically from sitesummary.
    The current command line script is not very friendly to people most
    familiar with GUIs. This should probably be integrated into GOsa to
    have it available where the admin will be looking for it..
  * We should find way for Nagios to check that the DHCP service
    actually is working (as in handling out IP addresses). None of the
    Nagios checks I have found so far have been working for me.
  * We should switch from libpam-nss-ldapd to sssd for all profiles
    using LDAP, and not only on for roaming workstations, to have less
    packages to configure and consistent setup across all profiles.
  * We should configure Kerberos to update LDAP and Samba password when
    changing password using the Kerberos protocol. The hook was
    requested in [4]BTS report #588968 and is now available in Wheezy.
    We might need to write a MIT Kerberos plugin in C to get this.
  * We should clean up the set of applications installed by default.
       + reduce the number of chemistry visualisers
       + consider dropping xpaint
       + and probably more?
  * Some hardware need external firmware to work properly. This is
    mostly the case for WiFi network cards, but there are some other
    examples too. For popular laptops to work out of the box, such
    firmware need to be installed from non-free, and we should provide
    some GUI to do this. Ubuntu already have this implemented, and we
    could consider using their packages. At the moment we have some
    command line script to do this (one for the running system, another
    for the LTSP chroot).
  * In Squeeze, we provide KDE, Gnome and LXDE as desktop options. We
    should extend the list to Xfce and Sugar, and preferably find a way
    to install several and allow the admin or the user to select which
    one to use.
  * The golearn tool from the goplay package make it easy to check out
    interesting educational packages. We should work on the package
    tagging in Debian to ensure it represent all the useful educational
    packages, and extend the tool to allow it to use packagekit to
    install new applications with a simple mouse click.
  * The Squeeze version got half a exam solution already in place, with
    the introduction of iptable based network blocking, but for it to
    be a complete exam solution the Squid proxy need to enable
    filtering/blocking as well when the exam mode is enabled. We should
    implement a way to easily enable this for the schools that want it,
    instead of the "it is documented" method of today.
  * A feature used in several schools is the ability for a teacher to
    "take over" the desktop of individual or all computers in the room.
    There are at least three implementations, [5]italc, [6]controlaula
    og [7]epoptes and we should pick one of them and make it trivial to
    set it up in a school. The challenges is how to distribute crypto
    keys and how to group computers in one room and how to set up which
    machine/user can control the machines in a given room.
  * Tablets and surf boards are getting more and more popular, and we
    should look into providing a good solution for integrating these
    into the Debian Edu network. Not quite sure how. Perhaps we should
    provide a installation profile with better touch screen support for
    them, or add some sync services to allow them to exchange
    configuration and data with the central server. This should be
    investigated.

I guess we will discover more as we continue to work on the Wheezy
version.

References

1. <URL: http://people.skolelinux.org/pere/blog/Debian_Edu___some_ideas_for_the_future_versions.html >
2. <URL: http://www.debian.org/News/2012/20120311.nb.html >
3. <URL: http://bugs.debian.org/653305 >
4. <URL: http://bugs.debian.org/588968 >
5. <URL: http://people.skolelinux.org/pere/blog/italc.sourceforge.net/ >
6. <URL: http://www.itais.net/help/en/ >
7. <URL: http://www.epoptes.org/ >

-- 
Happy hacking
Petter Reinholdtsen
Reply to: