Uwe, Do the individual students have any form of personal 'HOME' storage for saving their local project work?
How is that organised? I guess emails are all done via a web browser and 'cloud' storage, so that would provide no guidance. Likewise much of their student rotas would be accessed via a browser, again no guidance. Do they have any 'Dropbox' style service for their work storage? Does it, if available, end up in a personalised file/dir path (c:/Student/UB123456/*), or is it a 'signed in' standard path (e.g. C:/HOME/*). These could lead to having the student's global config on their HOME drive, secure from others. My only other thought is to have a 'throw-away' ssh style connection that has additional password protection. I do this for my Github account, so when I push to 'my' remote, I am always asked for my personal pass-phrase for that ssh. It was a bit of hassle to set up at the time (quite a few steps) but since then it's been pretty simple and reliable. It means all my pushes have extra passphrase protection even if one is a bit lax about the ssh public/private file pair. (do emphasise that folks should use a long phrase rather than a short password!) Philip On Thursday, February 9, 2023 at 1:09:52 PM UTC o...@ucm.es wrote: > >>> "KK" == Konstantin Khomoutov <kos...@bswap.ru> writes: > > > On Wed, Feb 08, 2023 at 10:34:46PM +0100, Uwe Brauer wrote: > > [...] > >> It seems to me that the credential helper system might be helpful for a > >> single user szenario. > >> > >> But PC running Windows and only have one user for all students will > >> inevitably run into problems. So that looks a bit over engineered to me. > > [...] > > > Do I understand correctly that the PCs in your department all have a > single > > user account shared by different people - so that's what you call "single > > user"? [*] > > Right! That is what I meant, only one account for well hundreds of > students. > > > > If yes, well, I would say that this is the least correct way to run > shared > > PCs this day and age, but anyway since it's not you who decides on this > > stuff, then yes, any credential caching (and I mean it: not only that of > Git) > > will actively work against the grit here: all such systems imply any > > particular account belongs to a physically distinct person and hence any > > session created for that account can share certain stuff related to that > > person. > > > If you really use single login for different folks, you has to turn any > > credential caching off. If possible, this should be talked about with > whoever > > administers these PCs so they maybe have such settings made in a > centralized > > manner - for instance, they could use Windows domain policies to > pre-tweak > > system-wide Git configuration to turn the GCM off. > > > Well, welcome to Spain my friend. > > Even when I started to mention the problems (before knowing the > solution) concerning the credentials he looked at me as if I were an > alien. There is only one decent system administer in this department and > as I must add maybe in the whole university, but his job is to maintain > Linux and Mac. But then the students want to use windows. Anyhow, sad > topic. > > > > > > [*] I mean, when I hear "single user" I think of a system with 0 or 1 > active > > login sessions at any given time - like a typical PC running Windows of > > its "desktop" flavor. This concept does not mean multiple users share the > > same account/credentials - merely just it's impossble to have more than a > > single user logged in and active at any given time. To illustrate, on > > desktop Windows, logging in remotely over the so-called Remote Desktop > > Protocol (RDP) locks the currenly active "console" session - that one > > where a user works at the physical I/O devices attached to the machine, > > such as the monitor, keyboard and a pointing device (collectively called > > "a seat" these days), - and unlocking the console session back would > > disconnect the RDP session, enforcing that "single user" policy. > > -- > Warning: Content may be disturbing to some audiences > I strongly condemn Putin's war of aggression against the Ukraine. > I support to deliver weapons to Ukraine's military. > I support the ban of Russia from SWIFT. > I support the EU membership of the Ukraine. > > https://addons.thunderbird.net/en-US/thunderbird/addon/gmail-conversation-view/ > -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/git-users/c54060bc-e1e4-4ea1-9d2a-f0134a074b67n%40googlegroups.com.
