School Identity Manager: Difference between revisions
m (Reverted edits by 200.169.121.244 (Talk); changed back to last version by Xavi) |
No edit summary |
||
Line 5: | Line 5: | ||
This page describes the [[XS_Service_Description#Identity_Manager|identity manager]], one of [[XS_Service_Description|many services]] provided by the [[XS_Server_Software|XS School server software]]. |
This page describes the [[XS_Service_Description#Identity_Manager|identity manager]], one of [[XS_Service_Description|many services]] provided by the [[XS_Server_Software|XS School server software]]. |
||
A laptop is "registered" with a school server. This provides the laptop with globally defined names for it's presence and backup services (defined in <tt>/etc/idmgr.conf</tt> on the schoolserver), as well as creating an account on the school server. The username is the laptop's serial number, the password the UUID, and its public key is placed on the school server for future authentication. This registration process is performed by the Identity Manager. |
|||
The laptop Sugar user interface has a "register" command in the menu associated with the XO figure in the home screen which triggers the above process (with port 8080 on DNS name "schoolserver" in the local domain). It goes away once a laptop is registered. |
|||
=Installation and Configuration= |
=Installation and Configuration= |
||
Line 10: | Line 14: | ||
The Identity Manager is part of the normal school server software, available from [[XS_Software_Repositories|our repositories]], as of build 128 (Sept. 2, 2007). Earlier builds may simply update (<tt>yum update</tt>) to obtain and install the service. |
The Identity Manager is part of the normal school server software, available from [[XS_Software_Repositories|our repositories]], as of build 128 (Sept. 2, 2007). Earlier builds may simply update (<tt>yum update</tt>) to obtain and install the service. |
||
The configuration of the Identity Manager is relatively static. It resides at a well-known port (8080) |
The configuration of the Identity Manager is relatively static. It resides at a well-known port (8080) on a well known DNS name (schoolserver)in the local school domain. It uses a database at a fixed location (<tt>/home/idmgr/identity.db</tt>). Two parameters may be provided via a configuration file (<tt>/etc/idmgr.conf</tt>), which typically looks like: |
||
BACKUP=schoolserver.random.xs.laptop.org |
|||
PRESENCE=schoolserver.random.xs.laptop.org |
|||
=Implementation= |
=Implementation= |
Revision as of 06:28, 19 January 2008
This page describes the identity manager, one of many services provided by the XS School server software.
A laptop is "registered" with a school server. This provides the laptop with globally defined names for it's presence and backup services (defined in /etc/idmgr.conf on the schoolserver), as well as creating an account on the school server. The username is the laptop's serial number, the password the UUID, and its public key is placed on the school server for future authentication. This registration process is performed by the Identity Manager.
The laptop Sugar user interface has a "register" command in the menu associated with the XO figure in the home screen which triggers the above process (with port 8080 on DNS name "schoolserver" in the local domain). It goes away once a laptop is registered.
Installation and Configuration
The Identity Manager is part of the normal school server software, available from our repositories, as of build 128 (Sept. 2, 2007). Earlier builds may simply update (yum update) to obtain and install the service.
The configuration of the Identity Manager is relatively static. It resides at a well-known port (8080) on a well known DNS name (schoolserver)in the local school domain. It uses a database at a fixed location (/home/idmgr/identity.db). Two parameters may be provided via a configuration file (/etc/idmgr.conf), which typically looks like:
BACKUP=schoolserver.random.xs.laptop.org PRESENCE=schoolserver.random.xs.laptop.org
Implementation
The Identity Manager is a server which accepts requests for registration from laptops. If the registration request is from a new laptop, the server creates a user account for that laptop on a school server.
The server is started and stopped using a script located in /etc/init.d/idmgr. This script may be run using the service command:
service idmgr start|stop|status
The database of laptops registered with a school is maintained in a SQL database. This database, built and maintained using SQLite (v3), is located at: /home/idmgr/identity.db.
The identity manager is written in Python, using SQLAlchemy to painlessly integrate the SQL database. It is located in /home/idmgr/idmgr/ on the server.
Manipulation of the Registration Database
A summary of the contents of the registration database is provided by:
/home/idmgr/list_registration
Before manually altering the database, you should shut down the identity manager:
service idmgr stop
The database of users in a school is cleared upon initial installation of the school server software. The database may be copied to back it up.
Although not recommended (it leaves user accounts on the server), the database may be deleted to clear the registration database--- a new database may be created using the /home/idmgr/create_registration script.
Upcoming releases will provide a web-base interface for moving students between laptops and removing laptops from a school's database.