NetworkAuthClient

Revision 5 as of 2006-11-08 19:31:45


Summary

Authenticating edubuntu clients (workstations and LTSP servers) against an edubuntu network auth server.

Rationale

To provide centralized user management in a school using edubuntu, an edubuntu network authentication server is implemented. Authenticating against such a server requires a specific client setup. This spec outlines what will be done to achieve client authentication on edubuntu LTSP servers and workstations.

Use cases

Will is an administrator at a high school. He used to run an edubuntu LTSP server in one classroom to test the functionality. Since the software convinced him, he will now set up his whole school with edubuntu, including an edubuntu network authentication server where he maintains the student accounts and home directories for the complete school. After he installs the edubuntu-auth-client metapackage on all his workstations and LTSP servers, all his students log in via the centralized service without problems.

Scope

Authentication against an edubuntu network auth server that works out of the box.

Design and Implementation

A metapackage called edubuntu-auth-client will be created. It will depend on https://launchpad.net/people/ajmitch/+branch/network-authentication/authtool (which will provide the basic authentication functionality) as well as on libpam-mount, libpam-ldap, libnss-ldap and libpam-ccreds.

The libpam-mount, libpam-ldap, libnss-ldap and libpam-ccreds packages will move to main.

Additionally, a dependency on the edsadmin package (handled in edubuntu-auth-server) will be created. The postinst of edubuntu-auth-client will disable the menu entry of the users-admin tool shipped in gnome-system-tools, to avoid the confusion of having two user management tools.

The postinst of edubuntu-auth-client will ask for the desired domain name and for the IP address of the LDAP server, and preseed the authtool debconf values with them.
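
A sketch of the validation such a postinst could apply before preseeding, added here as an example and not taken from authtool or edubuntu-auth-client. The debconf owner and question names (authtool, authtool/domain, authtool/ldap-server) are hypothetical, and the sample values are constructed. Preseed data is line-based, so an unchecked answer containing a newline could smuggle in a second setting.

```shell
#!/bin/sh
# Added example. The question names authtool/domain and authtool/ldap-server
# are hypothetical: the spec does not name authtool's real debconf templates.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Succeed only for dot-separated labels of letters, digits and hyphens.
# Rejecting every other character also rejects spaces and newlines.
valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
}

# Print debconf-set-selections lines (owner, question, type, value),
# or fail without printing anything if either answer is malformed.
emit_preseed() {
    valid_domain "$1" || { echo "invalid domain name" >&2; return 1; }
    valid_ipv4 "$2" || { echo "invalid LDAP server address" >&2; return 1; }
    printf 'authtool authtool/domain string %s\n' "$1"
    printf 'authtool authtool/ldap-server string %s\n' "$2"
}

# Constructed sample values; on a real system the output would be piped
# into debconf-set-selections.
emit_preseed school.example 192.0.2.10
```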

The edubuntu CD will get a new networked-workstation preseed file that pulls in the edubuntu-auth-client package. This way the user will still have the option to install a complete standalone workstation.

Edubuntu LTSP server installs will install the edubuntu-auth-client by default.

For mounting /home, an NFS export is required on the authentication server; the edubuntu-auth-server will take care of this.

The password tool of the "About Me" application shipped by default in ubuntu/edubuntu will be enhanced to operate properly with the user's password on an LDAP server.

Unresolved issues

The pam-mount binary needs to be extended to read the user's home directory location from the LDAP server, where we store the information on where to find the user's home.

