[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[seul-edu] youngsters logging in



Hi,

I'm the volunteer sysadmin of a 20-PC linux lab in a small K12 private
school.  The school would like to get the younger students into the lab
on a regular basis, and I'm starting to worry about the logistics of
having the younger ones log in.  Since they can't type very well (if at
all), correctly typing in a username/passwd pair will be monumentally
difficult for them.  I'm sure the teacher would spend the first 20
minutes of lab time getting them logged in, and I doubt that she'd be
very happy about that.

I posted my quandary to comp.os.linux.security with two proposals and
solicited comments and/or alternate proposals.  I'd liketo summarize for
SEUL/Edu.

1) Write an app that the teacher runs from the server.  This app logs
the students into their assigned machines.

2) Use null passwords for the younger students, but lock their
accounts.  The teacher runs an app that unlocks one account per machine
for a five-minute period.  Optionally, the student's .bashrc could
launch an suid app which re-locks the euid's account and close the
window a little earlier.

These proposals were fairly well received, with option two being the
favored one.  Then someone else proposed a third option:

3) Print ID cards with username/passwd's encoded for a bar code
scanner.  Install bar code scanners on all the machines.  Radio Shack is
giving away FREE bar code scanners (do a web search on Cue:Cat).  These
come with Windows software which will launch a web browser and connect a
user to a manufacturer's web site when a product's UPC is scanned (or to
Amazon when a book's ISBN number is scanned).  Each bar code reader
comes with a unique serial number, so the privacy implications here are
horrific, but that's an aside.  Several people have developed code to
read the output of the Cue:Cat, including a PAM module, but AFAIK, no
one has put together a complete package for login authentication.

I'd like to extend this scheme so that the ID cards can also be used as
library cards with Koha, and I'd ALSO like to use them for logging into
the few Winders boxen we have (using a samba server).

Has anyone tried this?  Does anyone want to help work on this?
This could be very sweet!

-- 
Jim Thomas                            E-mail:     jthomas@bittware.com  
Senior Applications Engineer          Web:     http://www.bittware.com
Bittware, Inc                         Tel:              (703) 779-7770
Reality continues to ruin my life. - Calvin