Account Administration for K-12 School Systems
Packages are provided for installing on Debian and Red Hat systems. There is also a tar archive file for installing on other systems.
There are two packages: k12admin-server and k12admin-client. The k12admin-server package should be installed only on the computer that will be the main account administration computer for your district. The k12admin-client package should be installed on every machine that will be updated from the k12admin-server machine.
The k12admin-server package contains the files necessary to use a machine as the central account administration server. Typically, you will want k12admin-server installed on only one machine in your district. It is possible to install the k12admin-client package on the same machine as the k12admin-server package, although for security reasons this may not be desirable. It would be better if the accounts on the server computer were administered manually, so that students and staff members do not have accounts on the server and are less likely to try mucking around there.
Install the k12admin-server package by running
dpkg -i k12admin-server*deb
rpm -i k12admin-server*rpm(use -U in place of -i if this is an upgrade) in the directory where you have stored the package. If this is a first install, you will be told to run k12admin-server.setup as root to create the MySQL database. This file was placed in the /usr/bin/ directory when the package was installed, so it should be in your path.
If you are installing the package from a tar file, unpack the archive, go (cd) to the k12admin-server* directory and run make install to install the package.
In order to create the MySQL database, you will need to enter the root password of your MySQL server. Note that the MySQL root password is not the same as your normal root password. You should have been prompted to enter a password for your MySQL server when that package was installed. The script will allow you to keep trying passwords until it succeeds. Just press ENTER if your MySQL root password is blank. If this is the case, the k12admin-server package will prompt you for a new password, as it is a grave security risk to have a blank MySQL password.
The second password asked for by the k12admin-server.setup is one for the k12 MySQL user. This user is used by the scripts to connect to the MySQL database. You do not need to memorize this password, as it is stored in the /etc/k12admin.MySQL.pass file which is readable by the k12admin and www-data users only. You can change this password at any time by rerunning the k12admin-server.setup program.
Now you must configure Apache so it knows where the k12admin files are located. Once Apache is configured and reloaded, you should be able to access the account administration system at http://yourservermachine/k12admin/ from any web browser. Log in as user demoteacher with demopass as the password.
I strongly recommend using apache-ssl (http://www.apache-ssl.org/) in order to encrypt packets between your web browser and the k12admin-server. This is especially true if there is potential for someone to be sniffing packets that are being transmitted. The basic authentication that is part of the HTTP standard is not encrypted, and your password can be grabbed easily off every outgoing web request if you are not using a secure server.
You must edit the Apache configuration files to enable the account-administration system. Add the following lines to the bottom of Apache's access.conf file:
Alias /k12admin/ /var/k12admin/web/ ScriptAlias /k12admin-cgi/ /var/k12admin/webscripts/ <Directory /var/k12admin/> AllowOverride AuthConfig </Directory>
You might also have to change the user and group of the Apache web server process. It may be set to “nobody” by default. The web server process must have access to the database containing sensitive account information. The password for accessing the database is stored in /etc/k12admin.MySQL.pass and is readable by only the www-data user and the k12admin group. It is, therefore, necessary to have the Apache process running as www-data. This account was created when k12admin-server was installed, if it didn't already exist.
To set the user and group of the Apache process, change the following lines in Apache's httpd.conf file:
User www-data Group www-data
Reload Apache after making these changes. On Debian systems, reload Apache by running
/etc/init.d/apache-ssl reloadOn Red Hat, run
|Nativ Disc||Sep 23, 2016|
|Android Browser Security--What You Haven't Been Told||Sep 22, 2016|
|The Many Paths to a Solution||Sep 21, 2016|
|Synopsys' Coverity||Sep 20, 2016|
|Naztech's Roadstar 5 Car Charger||Sep 16, 2016|
|RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop||Sep 15, 2016|
- Android Browser Security--What You Haven't Been Told
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Nativ Disc
- The Many Paths to a Solution
- Naztech's Roadstar 5 Car Charger
- Synopsys' Coverity
- Securing the Programmer
- RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop
- Identity: Our Last Stand
- Glass Padding
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide