[X2go-dev] Recommendation for mass conncections

Mike Gabriel m.gabriel at das-netzwerkteam.de
Sat Jul 31 11:32:49 CEST 2010 

Hi Yitzak,

On Di 27 Jul 2010 17:01:13 CEST Yitzhak Bar Geva wrote:

> Since there are so many examinees, we need an automated procedure to generate
> authorization for them. I had thought that granting each her own Linux login
> would be unnecessary, since all she has to do is access the one  
> application with
> a browser front end.

May be I missed something, but if it is just a browser app that  
examinees need to access, why do you want to provide a complete  
x-login environment? This means much more hassle to you than just  
setting up a secure website.

Wouldn't it be an option just to setup a secure webserver, buy an  
official CA-certificate and run your application on you https-webserver?

For automatic LDAP-account generation an algorithm could look like  
this and should be very simple:

   o people register for an exam
   o registration creates a unique registration ID (LDAP-attribute ,,userid'')
   o on the registration for people need to enter further personal data (email,
     fullname, etc.)
   o with all this data you create an LDAP account on your server
   o this could be done by creating an LDIF file from the reg form
   o or by using python-easyldap (one of my not yet published projects, still
     under heavy development):
     deb http://packages.das-netzwerkteam.de/debian <codename> main
     deb http://packages.das-netzwerkteam.de/ubuntu <codename> main
   o problematic is posting the credentials to the user, this is only really
     really safe by e-Mail if you use GnuPG encryption etc.
   o probably easiest would be to send a password
   o once a user has the information to login the examination could start
   o with pam_mkhomedir the user's homedir can be created on the server
   o use the option skel=... to specify a custom skeleton directory  
for the home
   o on logout you have to place a hook that disables the LDAP account
     (shadowAccount attribute)
   o at night there could be a cron script that erases every home that is older
     than 24h

Best,
Mike





-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

eMail-LeseSchreibStunde: wochentags 8h-10h
mail: m.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

More information about the x2go-dev mailing list