[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [school-discuss] authorization management

To: schoolforge-discuss@schoolforge.net
Subject: Re: [school-discuss] authorization management
From: Harry McGregor <micros@osef.org>
Date: Mon, 15 Dec 2003 10:55:30 -0700
Delivered-to: archiver@seul.org
Delivered-to: schoolforge-discuss-outgoing@seul.org
Delivery-date: Mon, 15 Dec 2003 13:06:32 -0500
In-reply-to: <3FDDF423.5070400@cox.net>
Organization: Open Source Education Foundation
Reply-to: schoolforge-discuss@schoolforge.net
Sender: owner-schoolforge-discuss@schoolforge.net

On Mon, 2003-12-15 at 10:49, Jake Maul wrote:
> Harry McGregor wrote:
> 
> > Um, one 'student' account is a very very bad idea.  Per user
> > authentication is a must.
> 
> I agree, that's why we're moving away from it. However, it should be 
> noted that the entire district (30 elementary, 8 middle, 7 high schools) 
> has run almost entirely this way for all student access for years on 
> Windows 95/98 and MacOS8/9 machines, and will for the forseeable future.

The major school district here uses school/student numbers, and it's a
mess.  Corbett has over 1500 accounts for ~600 students.  CORB0001 -
CORB1500...  None of them have passwords at the elementary school level,
at middle and high school they have to set a password, but unused
accounts are generally not locked out.  TUSD has over 105 schools, and
over 63,000 students.  Just because something works, does not mean it's
the best solution.

We use on the linux network (and when we ran the windows side before, we
used this with samba) at Corbett full first and last name for user
auth.  We did not setup passwords, as this is K-5, but it's really hard
for the other students to spell eachother's name's properly. Heck, it's
hard for a lot of them to get their own name right.

> >>How do you manage per-user accounts, spread over multiple client PCs? 
> >>NIS? LDAP? Manually copied /etc/{passwd,shadow,group} and NFS homedirs?
> > 
> > We are currently using NIS at Corbett, though will probably move to LDAP
> > soon, as we have used it elsewhere commercially (We are using LDAP at my
> > office of USGS, etc)
> 
> > You should be able to mount the homedir via NFS from the OS-X server,
> > and should be able to use LDAP auth to the apple directory server.
> 
> That's kinda what I figured. I'll have to find a howto though- never 
> messed with LDAP/NetInfo before.

I have not played with LDAP much, and never under OS-X.  Others here
though might have more of an idea on it.

If you can't find the info you need, feel free to drop me an email
directly (hmcgregor@osef.org), and I will do some searching.

			Harry

> Thanks,
> Jake
> 

--
Harry McGregor, CEO, Co-Founder
Hmcgregor@osef.org, (520) 661-7875 (CELL)
Open Source Education Foundation, http://www.osef.org
A non-profit tax exempt charitable organization

Follow-Ups:
- Re: [school-discuss] authorization management
  - From: "Dr. Robert G. Rittenhouse" <rob@cs1.mcm.edu>

References:
- Re: [school-discuss] authorization management
  - From: Jake Maul <jakemaul@cox.net>

Prev by Author: Re: [school-discuss] authorization management
Next by Author: Re: [school-discuss] Spreading LTSP over multiple servers?
Previous by thread: Re: [school-discuss] authorization management
Next by thread: Re: [school-discuss] authorization management
Index(es):
- Author
- Thread