[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [seul-edu] youngsters logging in





at my school all of the student accounts have null passwords. the only 
people who have passwords are the teachers
and the administrators. there isn't really any security troubles either. 
no one cares to read anyone elses files cause
there isnt anything interesting there other than typed stories. unless 
these grade ones have important files than
null passwords might be a good idea. i dont know your situation of the 
school so maybe this wouldnt be a good idea.
but those cuecats do look cool.

Kevin.

ps - how would u make the access cards for the cuecats? are there any 
bar code making software for Linux?

Jim Thomas wrote:

> Hi,
> 
> I'm the volunteer sysadmin of a 20-PC linux lab in a small K12 private
> school.  The school would like to get the younger students into the lab
> on a regular basis, and I'm starting to worry about the logistics of
> having the younger ones log in.  Since they can't type very well (if at
> all), correctly typing in a username/passwd pair will be monumentally
> difficult for them.  I'm sure the teacher would spend the first 20
> minutes of lab time getting them logged in, and I doubt that she'd be
> very happy about that.
> 
> I posted my quandary to comp.os.linux.security with two proposals and
> solicited comments and/or alternate proposals.  I'd liketo summarize for
> SEUL/Edu.
> 
> 1) Write an app that the teacher runs from the server.  This app logs
> the students into their assigned machines.
> 
> 2) Use null passwords for the younger students, but lock their
> accounts.  The teacher runs an app that unlocks one account per machine
> for a five-minute period.  Optionally, the student's .bashrc could
> launch an suid app which re-locks the euid's account and close the
> window a little earlier.
> 
> These proposals were fairly well received, with option two being the
> favored one.  Then someone else proposed a third option:
> 
> 3) Print ID cards with username/passwd's encoded for a bar code
> scanner.  Install bar code scanners on all the machines.  Radio Shack is
> giving away FREE bar code scanners (do a web search on Cue:Cat).  These
> come with Windows software which will launch a web browser and connect a
> user to a manufacturer's web site when a product's UPC is scanned (or to
> Amazon when a book's ISBN number is scanned).  Each bar code reader
> comes with a unique serial number, so the privacy implications here are
> horrific, but that's an aside.  Several people have developed code to
> read the output of the Cue:Cat, including a PAM module, but AFAIK, no
> one has put together a complete package for login authentication.
> 
> I'd like to extend this scheme so that the ID cards can also be used as
> library cards with Koha, and I'd ALSO like to use them for logging into
> the few Winders boxen we have (using a samba server).
> 
> Has anyone tried this?  Does anyone want to help work on this?
> This could be very sweet!
>