School Identity Manager
This page describes the identity manager, one of many services provided by the XS School server software.
A laptop is registered with a school server. This provides the laptop with globally defined names for its presence and backup services (defined in /etc/idmgr.conf on the school server), as well as creating an account on the school server. The username is the laptop's serial number, the password is the UUID, and its public key is placed on the school server for future authentication. This registration process is performed by the Identity Manager.
The laptop Sugar user interface has a register command in the menu associated with the XO figure in the home screen which triggers the above process (with port 8080 on DNS name "schoolserver" in the local domain). This command vanishes from the user interface once a laptop is registered.
Installation and Configuration
The Identity Manager is part of the normal school server software, available from our repositories, as of build 128 (Sept. 2, 2007). Earlier builds may simply update (yum update) to obtain and install the service.
The configuration of the Identity Manager is relatively static. It resides at a well-known port (8080) on a well-known DNS name (schoolserver) in the local school domain. It uses a database at a fixed location (/home/idmgr/identity.db). Two parameters may be provided via a configuration file (/etc/idmgr.conf), which typically looks like:
BACKUP=schoolserver.random.xs.laptop.org
PRESENCE=schoolserver.random.xs.laptop.org
Implementation
The Identity Manager is a server which accepts requests for registration from laptops. If the registration request is from a new laptop, the server creates a user account for that laptop on a school server.
The server is started and stopped using a script located in /etc/init.d/idmgr. This script may be run using the service command:
service idmgr start|stop|status
The /etc/init.d/idmgr init script calls /usr/bin/registration-manager. For debugging purposes (after stopping the idmgr service) you can run registration-manager directly, with no arguments. It won't daemonise and will print messages to stderr rather than using syslog.
The database of laptops registered with a school is maintained in a SQL database. This database currently uses SQLite (v3) and is located at: /home/idmgr/identity.db, but this may change in the future.
The identity manager is written in Python, and includes the idmanager Python library. This can be used to access the database in a Pythonic manner, regardless of the underlying database format.
XS-0.4 and older
/etc/init.d/idmgr worked as described above, but the script it called was located at /home/idmgr/idmgr/server.py.
Manipulation of the Registration Database
A summary of the contents of the registration database is provided by:
/home/idmgr/list_registration
Before manually altering the database, you should stop the identity manager:
service idmgr stop
The database of users in a school is cleared upon initial installation of the school server software. The database may be copied to back it up.
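An added example, not part of the XS software: one way to take the backup copy mentioned above so that it is consistent, verified, and readable only by its owner. It assumes Python 3.7 or later (for sqlite3's Connection.backup); snapshot_registration_db, demo and the sample_laptops table are illustrative names, and the real database schema is not assumed.

```python
import os
import sqlite3
import tempfile
from pathlib import Path


def snapshot_registration_db(src_path, dest_path):
    """Copy an SQLite database consistently; return the copy's table names."""
    # Create the copy with mode 0600 up front and refuse to overwrite an
    # existing file, so registration data is never readable by other users.
    os.close(os.open(dest_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
    src = dest = None
    try:
        # Open the source read-only so taking the snapshot cannot alter it.
        src_uri = Path(src_path).resolve().as_uri() + "?mode=ro"
        src = sqlite3.connect(src_uri, uri=True)
        dest = sqlite3.connect(dest_path)
        # The online backup API copies one consistent snapshot, unlike a plain
        # file copy made while a writer is still active.
        src.backup(dest)
        verdict = dest.execute("PRAGMA integrity_check").fetchone()[0]
        if verdict != "ok":
            raise RuntimeError("snapshot failed integrity check: " + verdict)
        rows = dest.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
        return [name for (name,) in rows]
    except Exception:
        if dest is not None:
            dest.close()
        os.unlink(dest_path)  # never leave a partial or unverified copy behind
        raise
    finally:
        for con in (src, dest):
            if con is not None:
                con.close()


def demo():
    """Run the snapshot against a constructed stand-in database."""
    src_path = os.path.join(tempfile.mkdtemp(), "identity.db")
    con = sqlite3.connect(src_path)
    # Constructed table and row; the real idmgr schema is not assumed here.
    con.execute("CREATE TABLE sample_laptops (serial TEXT, uuid TEXT)")
    con.execute("INSERT INTO sample_laptops VALUES ('SAMPLE0001', 'sample-uuid')")
    con.commit()
    con.close()
    dest_path = src_path + ".bak"
    return snapshot_registration_db(src_path, dest_path), dest_path
```

On a school server the source would be /home/idmgr/identity.db, with the idmgr service stopped first as described above.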
Although not recommended (it leaves user accounts on the server), the database may be deleted to clear the registration database. A new database may then be created using the /home/idmgr/create_registration script.
Upcoming releases will provide a web-based interface for moving students between laptops and removing laptops from a school's database.