On Sat, May 04, 2002 at 12:19:11PM +0000, Buchan Milne wrote: > We are looking at the advantages and disadvantages of migrating the majority of our > users to linux/Unix on the desktop. One of the potential advantages may be > intermezzo, as it can provide file-server redundancy (specifically for files being > worked on) on the client, and allows disconnected operation for laptops (which > doesn't work too well with windows).
Make sure you test that disconnected use very well. The last time I tested it, it was not up to the task of roaming laptop usage. More times than not when I reconnected to the network there would be a "conflict" (i.e. same file modified on both the disconnected client and the server) and at the time intermezzo's conflict resolution handling was simply not allow reconnection of the laptop to the intermezzo server until the user manually resolved _all_ of the conflicts. > We have a number of laptops that are > shared, and it would be excessive work to add local accounts each time someone needs > to take a laptop away from the network. > With windows 2000 on the laptops, people can > log in once while connected to the network, and get their windows profile from the > samba domain controller. Disconnect the machine, and they can still log in. Hmmmm. That's of questionable security risk. > Would it be possible to implement something like this on linux? Two things (AFAICS) > need to be implemented. One is a module that can cache previous nss lookups (for > example from nss_ldap or nss_winbind), the other could be a pam module that caches > passwords. Bwa ha ha ha. As an IT and/or security manager, I am going to have a laptop roaming from user to user, caching all of their passwords so that somebody can take it home and run a password cracker on them all? I don't think so! Not without some good "cleaning" in between. > On the issue of disconnected file use, would it be possible to have intermezzo > automatically add/remove files from it's filesystem? For example, when someone logs > into a laptop while connected: > > 1)user/group information should be looked-up and cached > 2)the password (and maybe some other things to ensure configuration has not changed, > like md5sum of the pam.d file?) is cached > 3)The users home directory is synced by intermezzo. How long is this last step intended to take. My homedir is 1.5GB. Not sure how long it would take to mirror it to my laptop, but it certainly would not be anywhere near instaneous. I would have to be expected to stay connected to the network at least long enough to do the caching. > Then, when the user disconnects from the network, everything works as before. IMHO, this is an edge/corner case that would be a waste of Mandrake developers' time. The investment spent doing this would never be returned. You need to find somebody (outside of Mandrake) to champion your ideas, turn them into code and then perhaps Mandrake can package it up into Mandrake Linux. Have you tried talking to the ClusterFS folks -- the one's who are primary developer/designers of InterMezzo? b. -- Brian J. Murrell
msg63673/pgp00000.pgp
Description: PGP signature
