Re: Internet Cafe

[Andre Berger]

ChrisHellberg [EMAIL PROTECTED] writes:

Does this really make sense? You would have to put in your floppy
before you log in. What you really need is something like autofs that
(theoretically) umounts drives in customizable intervals. This doesn't
always work in my exerience. Be sure to combine autofs with something
like /etc/gdm/PostSession/Default: 

#!/bin/sh
/usr/bin/X11/sessreg -d -w /var/log/wtmp -u /var/run/utmp -l $DISPLAY $USER
#custom part:
su $USER -c /usr/local/bin/umnt
slay $USER

and /usr/local/bin/umnt:

#!/bin/sh
cd   # important
for i in $( ls /mnt/ )
do
umount /mnt/$i 2 /dev/null
done
for i in $( ls /amnt/ )
do
umount /amnt/$i 2 /dev/null
done


 Does GDM have PAM support so I can use LDAP authentication or if I'm
 feeling lazy and not security conscious, a mysql table of users?

No idea, sorry.
-- Andre
-- 
Andre Berger [EMAIL PROTECTED] from Bonn, Germany

Re: Internet Cafe

[Joachim Trinkwitz]

ChrisHellberg[EMAIL PROTECTED] writes:

 Would they then get back to the fancy graphical login screen..

Yes.

then when
 they login again, everything is remounted I spose?

Not if not using autofs, which never works really well in my
experience. We have the Gnome Desktop installed here, where there is a
floppy icon which you double click on, then the floppy is mounted
automagically and a window with its contents shown (or you do a single
right click and choose `mount floppy' from the menu, then you don't
get the window). Of course, most users forget to umount again, even
when pointed out.

 Does GDM have PAM support so I can use LDAP authentication or if I'm
 feeling lazy and not security conscious, a mysql table of users?

It has PAM support (there is a PAM file in the Debian package), but I
don't know much about that.

Greetings,
joachim

Re: Internet Cafe

[Joachim Trinkwitz]

ChrisHellberg[EMAIL PROTECTED] writes:

 So it can be done over ethernet? Sweet. So I spose if I'm not going to
 do down the radius path, and a simple app to boot them off the PC, would
 it be a matter of killall -9 their processes on the server, including
 the NFS mount?

When using Gnome's GDM, you could write a simple script to umount all
mount points which not should be mounted (= floppy) and kill the
remaining user processes (StarOffice and WordPerfect like to leave
some behind them, more seldom Netscape) with slay, as Ethan proposed.

Greetings,
joachim

Re: Internet Cafe

[ChrisHellberg]

Joachim Trinkwitz wrote:
 
 ChrisHellberg[EMAIL PROTECTED] writes:
 
  So it can be done over ethernet? Sweet. So I spose if I'm not going to
  do down the radius path, and a simple app to boot them off the PC, would
  it be a matter of killall -9 their processes on the server, including
  the NFS mount?
 
 When using Gnome's GDM, you could write a simple script to umount all
 mount points which not should be mounted (= floppy) and kill the
 remaining user processes (StarOffice and WordPerfect like to leave
 some behind them, more seldom Netscape) with slay, as Ethan proposed.
 

Great, gives me something to work with.

Would they then get back to the fancy graphical login screen.. then when
they login again, everything is remounted I spose?

Does GDM have PAM support so I can use LDAP authentication or if I'm
feeling lazy and not security conscious, a mysql table of users?

Cheers
Chris

Re: Internet Cafe

[ChrisHellberg]

Jens B. Jorgensen wrote:
 
 This shouldn't be too tough. I'd look at radius for authorizing and 
 accounting. It's
 built for this kind of stuff. As for automatically logging people out this 
 should be

snip

ah, thought of that too. The problem with this is, I would have to
create ppp over ethernet connections to the radius server. This
shouldn't be too tricky to set up, but still a mission nonetheless. 

Another problem will be overcoming the mental barrier for users that
they're not in windows. Sure things like enlightenment is a bit of a
no-brainer for end users and there are things like Star Office to cater
for those who need MS Office Might be able to do half linux and half
windows to see how things go.

Re: Internet Cafe

[Ethan Benson]

On Mon, Sep 18, 2000 at 09:26:50AM +1200, ChrisHellberg wrote:
 
 Jens B. Jorgensen wrote:
  
  This shouldn't be too tough. I'd look at radius for authorizing and 
  accounting. It's
  built for this kind of stuff. As for automatically logging people out this 
  should be
 
 snip
 
 ah, thought of that too. The problem with this is, I would have to
 create ppp over ethernet connections to the radius server. This
 shouldn't be too tricky to set up, but still a mission nonetheless. 

maybe i missed something but why would you need such a hideous
protocol like PPPoE to use radius?

 Another problem will be overcoming the mental barrier for users that
 they're not in windows. Sure things like enlightenment is a bit of a
 no-brainer for end users and there are things like Star Office to cater
 for those who need MS Office Might be able to do half linux and half
 windows to see how things go.

use the qvwm windowmanager, and a win95 theme for gnome.  the users
will never know its not windows.  

they might notice that you don't have MS Office, but just tell them
its too expensive ;-)  

a great advantage to using GNU/Linux here is it is much easier to
secure a GNU/Linux box for public use then a win* box.  (yes yes
physical security, its much easier to notice someone prying a case
open and walk over and hit them with a cattle prod to make them stop.
then it is to notice them quietly installing god knows what from the
internet.)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


pgpxp8ccqKD4W.pgp
Description: PGP signature

Re: Internet Cafe

[ChrisHellberg]

Ethan Benson wrote:
 
 On Mon, Sep 18, 2000 at 09:26:50AM +1200, ChrisHellberg wrote:
 
  Jens B. Jorgensen wrote:
  
   This shouldn't be too tough. I'd look at radius for authorizing and 
   accounting. It's
   built for this kind of stuff. As for automatically logging people out 
   this should be
 
  snip
 
  ah, thought of that too. The problem with this is, I would have to
  create ppp over ethernet connections to the radius server. This
  shouldn't be too tricky to set up, but still a mission nonetheless.
 
 maybe i missed something but why would you need such a hideous
 protocol like PPPoE to use radius?
 

So it can be done over ethernet? Sweet. So I spose if I'm not going to
do down the radius path, and a simple app to boot them off the PC, would
it be a matter of killall -9 their processes on the server, including
the NFS mount?

  Another problem will be overcoming the mental barrier for users that
  they're not in windows. Sure things like enlightenment is a bit of a
  no-brainer for end users and there are things like Star Office to cater
  for those who need MS Office Might be able to do half linux and half
  windows to see how things go.
 
 use the qvwm windowmanager, and a win95 theme for gnome.  the users
 will never know its not windows.
 
 they might notice that you don't have MS Office, but just tell them
 its too expensive ;-)
 
:D , most of the people who are gonna be using this aren't that up with
the play of computers so they'll believe anything I tell them.


 a great advantage to using GNU/Linux here is it is much easier to
 secure a GNU/Linux box for public use then a win* box.  (yes yes
 physical security, its much easier to notice someone prying a case
 open and walk over and hit them with a cattle prod to make them stop.
 then it is to notice them quietly installing god knows what from the
 internet.)
 
Yeah, probably might be best going down the GNU/Linux path cause the guy
I'm waiting on to write the windows app to control users' logins and
logouts is dragging the chain.

Re: Internet Cafe

[Ethan Benson]

On Mon, Sep 18, 2000 at 01:35:54PM +1200, ChrisHellberg wrote:
 
 So it can be done over ethernet? Sweet. So I spose if I'm not going to

well i must plead total ignorance on radius will it not operate over
ethernet?  

 do down the radius path, and a simple app to boot them off the PC, would
 it be a matter of killall -9 their processes on the server, including
 the NFS mount?

i don't think you really need anything terribly fancy to limit login
times, pam_time and logoutd should suffice.  (they may not work with
display managers like xdm though, since they typically have lousy pam
support) 

the package slay should also work well for terminating a login.  i
would avoid using signal 9 right off though, better to use 15, and
only go to 9 if something refuses to die.  

for an X session all you usually have to kill is the xsession script
if its setup correctly (with exec windowmanager)

 :D , most of the people who are gonna be using this aren't that up with
 the play of computers so they'll believe anything I tell them.

ah good, those kind are great for entertainment and toys... er /bofh

 Yeah, probably might be best going down the GNU/Linux path cause the guy
 I'm waiting on to write the windows app to control users' logins and
 logouts is dragging the chain.

i think you already have the tools you need for login limits and such,
look at logoutd, slay, skill, pam_time etc.  

a few more details on how things will be setup might be helpful (well
you may not know yet ;-))

-- 
Ethan Benson
http://www.alaska.net/~erbenson/


pgpGdmxA4kTnX.pgp
Description: PGP signature

Re: Internet Cafe

[Jens B. Jorgensen]

This shouldn't be too tough. I'd look at radius for authorizing and accounting. 
It's
built for this kind of stuff. As for automatically logging people out this 
should be
too tough. Just fire off a program when the xdm/gdm session starts. This little 
helper
program could wait for a message from the box where your radius server runs. 
When the
time is running out it can send a little message to the helper giving it a 
5-minute
warning. The helper would fire up a little message box (I believe gnome has a 
mini-app
that'll do this--just display a text message) warning the user their time is 
running
out. When the time actually runs out you can just kill the X server--or perhaps 
do
something a little more graceful.

ChrisHellberg wrote:

 I want to set up an internet cafe at a hostel and am investigating
 various ways of going about things. I think windows 2000 would be the
 best os to have the clients on, but the biggest problem is logging the
 pc's out when their credit expires.

 I'm a strong advocate of Debian GNU/Linux and open source so I would
 liie to use an opensource solution but not too sure if the clientele
 would be that comfortable with X. That being said, if I decide to go
 down the linux path, what would be the best way to log a workstation out
 when credit expires? I rekon it's a matter of creating a simple TCP/IP
 connection to a  server and listening to logout requests :/

 Cheers

 Chris

 --
 Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null

--
Jens B. Jorgensen
[EMAIL PROTECTED]

Re: Internet Cafe

[Leen Besselink]

On Thu, 14 Sep 2000, ChrisHellberg wrote:

 I want to set up an internet cafe at a hostel and am investigating
 various ways of going about things. I think windows 2000 would be the
snip
 down the linux path, what would be the best way to log a workstation out
 when credit expires? I rekon it's a matter of creating a simple TCP/IP
 connection to a  server and listening to logout requests :/

Or keep a local program running to do that, it would seem more usefull to
me.

Or if you buy a (few) really fast server machines, you could run X on that
and have cheapo clients, I would expect it would be more easy to centrally
administer those (could be cheaper too). But then again, I've never tried
that.

just a few thoughts.