Hi Yitzak,
On Di 27 Jul 2010 17:01:13 CEST Yitzhak Bar Geva wrote:
Since there are so many examinees, we need an automated procedure to generate authorization for them. I had thought that granting each her own Linux login would be unnecessary, since all she has to do is access the one
application with a browser front end.
May be I missed something, but if it is just a browser app that
examinees need to access, why do you want to provide a complete
x-login environment? This means much more hassle to you than just
setting up a secure website.
Wouldn't it be an option just to setup a secure webserver, buy an
official CA-certificate and run your application on you https-webserver?
For automatic LDAP-account generation an algorithm could look like
this and should be very simple:
o people register for an exam
o registration creates a unique registration ID (LDAP-attribute ,,userid'')
o on the registration for people need to enter further personal data (email,
fullname, etc.)
o with all this data you create an LDAP account on your server
o this could be done by creating an LDIF file from the reg form
o or by using python-easyldap (one of my not yet published projects, still
under heavy development):
deb http://packages.das-netzwerkteam.de/debian <codename> main
deb http://packages.das-netzwerkteam.de/ubuntu <codename> main
o problematic is posting the credentials to the user, this is only really
really safe by e-Mail if you use GnuPG encryption etc.
o probably easiest would be to send a password
o once a user has the information to login the examination could start
o with pam_mkhomedir the user's homedir can be created on the server
o use the option skel=... to specify a custom skeleton directory
for the home
o on logout you have to place a hook that disables the LDAP account
(shadowAccount attribute)
o at night there could be a cron script that erases every home that is older
than 24h
Best, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
eMail-LeseSchreibStunde: wochentags 8h-10h mail: m.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...