Keypairs should be generated for italc-master package and debconf question should be displayed to import public keys during installation of italc-client
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Baltix | New | Undecided | Unassigned |
italc (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Currently the postinst script of the italc-client package generates private and public keys in /etc/italc/ for the admins, teachers and supporters roles (the command 'ica -role $role -createkeypair' is used). These keypairs are needed not by clients but by the master computer, so keypairs should be generated during installation of the italc-master package, and a debconf question should be displayed to import public keys (from the master computer) during installation of the italc-client package.
The correct behavior is used in the italc packages for Windows; look at these instructions (with screenshots) for installation of italc-master:
http://
http://
And these screenshots for italc-client:
http://
http://
Just some thoughts:
* Debconf doesn't have a "browse for files" widget type. Using the string type to enter either the keys path or the keys text would be a little awkward.
* I'd prefer using scp to copy the keys to dozens of workstations than providing the path to a debconf dialog in each one of them.
* Maybe one way to do it would be for italc-master to publish the keys using avahi txt records. I think sugar and controlaula use that method. Then, an italc-client postinst script would:
  (a) Automatically use the server keys, if just one italc-master server was found.
  (b) Show a multiselect debconf widget if multiple italc-master servers were found.
  (c) Create new keys (or leave the package in an unconfigured state?) if no italc-master servers were found during installation.
* While that method would make italc-client installation automatic for the most common case, it also raises some security concerns: what if the correct italc-master server is down while installing italc-client to the clients, and some "malicious" server is up?
If publishing the server keys using avahi is an acceptable method, I'm interested in preparing/proposing a patch for it.