 |
 |
Need help with Kerberos for University Lab situation
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Status:
Offline
|
|
I help administrate an IT lab at the design school of a local university. We've been using Macs running OS 9 for ages... recently, though, we bit the bullet (as far as the lab situation goes--I've been using X on my personal machine since 10.0 was released) and ordered a bunch of X-only G5 machines to replace our current fleet of G4 "Classic" Macs. To test things out and make sure everything is working correctly, we've got a small "beta" lab of about ten of the old G4s, now running OS X. And now the details:
Each student at this university has a Kerberos login that links them to their email (either IMAP or POP3), their AFS "home" directory (which also doubles as their UNIX/Linux/Solaris "home" directory), and their NT/2k/XP profile space. Yes, university-wide, we've got a mess of IT departments.
In any case, the students at the design school are used to using the Desktop on the Macs as a sort-of "temporary" storage space. They tend to work on gargantuan files, be they 2-gig Final Cut projects or something tamer, like a 300 MB Photoshop file. In any case, local storage (local to the machine they are currently working on) is a must for these kids.
In our "beta" lab, we've got X set up so that students log in to the OS X login UI with their Kerberos name and Kerberos password; this, then, gets whatever AFS tokens it needs and sets their "home" directory (as far as OS X is concerned) to be their AFS "home" directory from the network.
And now, the tihs hits the fan. All of the students accounts are limited such that their AFS "home" directory may contain at no time any amount of data that exceeds 40 megabytes. Yes, you read that correctly. Try fitting a 600 MB After Effects composition onto the desktop of a "home" folder that is capped at 40... needless to say, the natives are getting restless. "Why won't the desktop work any more?" "Who broke the Macintoshes?" Et cetera, et cetera, et cetera.
As a temporary measure, we've created world-readable, world-writeable directories called "Temporary Storage (Trashed 8 A.M. Daily)" in the top level ("/") of every OS X macintosh... however, this hasn't gone over well with the stuck-in-their-ways Graphic Designer crowd. All I hear from them is "can't you just make it like it was?"
So, to that end, I've racked my brain, trying to conjure up some magic linking that would trick OS X into letting these kids log into X with their Kerberos ID, yet map some local (to that machine they are logging into right then and there) as their OS X "Desktop" folder. We thought about just creating some stupid "labmac1" "labmac2" "labmac3" (et cetera) accounts for each machine, and having the kids just log in to the account for that machine... but then, we realized, it's really handy having them log in through Kerberos.
What I want to know is: am I asking too much? If I want all the nicety that comes from having their settings and preferences accessed via AFS, am I stuck with having their "Desktop" folder being accessed the same way? Has anybody dealt with this kind of thing before?
Thanks in advance if anybody can help.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Offline
|
|
You can change the network Desktop folder to a link to a local folder. However, this will probably confuse them too. They will be expecting their Desktop stuff to always be available wherever they go since that is the normal behavior of OS X accounts.
We didn't have any trouble educating the users about where to work with their large files when we migrated.
|
|
Vandelay Industries
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Status:
Offline
|
|
Just out of curiosity, how did you link the Desktop to a local folder? We may test out both methods (the "learn to use the new OS the way it's supposed to work" way and the "haack the new OS to work like the old one" way) and then see which one works better for us...
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Offline
|
|
Originally posted by rgoer:
Just out of curiosity, how did you link the Desktop to a local folder? We may test out both methods (the "learn to use the new OS the way it's supposed to work" way and the "haack the new OS to work like the old one" way) and then see which one works better for us...
Remove the user's Desktop folder from their home directory and replace it with a symbolic link of the same name to a local folder.
In all my experience, it is always best to keep the experience as similar to the way the OS is supposed to work. Modifying it to work like something else creates more confusion in the long run. It makes it harder for you to support and it makes it different from the way it works on their home Macs.
|
|
Vandelay Industries
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2002
Location: Portland, OR
Status:
Offline
|
|
I agree, the problem with making the desktop a symbolic link to a local folder is that if they ever log into another computer that hasn't been set up correctly (the local folder the link points to does not exist, etc) the results will probably be bad.
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Status:
Offline
|
|
Yeah, you're right. I suppose, what we really need to do is convince the top-level IT dept. at university to grant design-school kids 3 GB apiece for their AFS space... ;^)
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
