Very Computer

Now, the problem is the computers in the library are very old and are
currently running the ICA Client ontop of Window 3.x which makes
everything very very sluggish. So we have decided to install linux on all
these machines and run the linux ICA Client on them. However, we need to
configure the system so that:

- When the system boots up it should, if possible without requesting a
login, run the ICA Client (which automatically brings up the WindowsNT
login screen.)

- When the user quits the ICA Client, the program should be restarted
(showing the login screen again) automatically.

- A user should not ever be able to reach the command line. But an
administrator should be able to, say, get access to another run-level
where he/she get a login prompt and then a shell.

- The linux system should be cut down to the bare essentials, that is,
core system, network, and graphical support for the ICA Client.

I need some help in understanding what needs to be running/loaded for the
graphical interface to be available? In my full installation of RedHat 7.0
if I run the ICA Client from run-level 3, I get a "Can't open display"
error. Running the program from within Gnome (in run-level 5) however runs
the program great. Now how can I avoid Gnome being visible and accessible?
Is it possible to load up the graphical support (X server?) and then just
run the ICA Client from the command line?

I've kind off understood how to control the boot up process using the
symbolic link files in the rc.d folder. But do I need to write a script to
run the ICA Client or just make a link to it?

Any help would be very much appreciated, thank you,
Keyk

I think you will find it very hard to prevent the students from being
able to reach some kind of prompt.  You can make it a little hard for
them, but the smart ones will figure it out anyway.

I would simply create a user "student", and let the machine boot up
without X windows automatically started.  Post a small sing on the
machine telling the users to login as "student", with whatever
password you give it; the student account can run startx in .login and
then run the citrix client as the last command in .xinitrc, as if it
was your window manager; thus when you exit the citrix client X will
exit.

The students will figure out how to root the machine, and how to
reboot and type "linux single" at the LILO prompt, and other ways of
using the machine.  I would advise not going down the path of patching
the various exploits that the kids will come up with.  Instead, just
acknowledge that it can be done, and take the fun out of it.  

But you should make some attempt at protection against people running
a fake screen that will look like the citrix client and capture
passwords.  A weak way to do this would be to make an easy way to
completely re-install the system (say have a disk image that you can
restore from) and do this automatically on a regular basis.  If you
can make it work, try making a bootable CD out of the linux
installation you settle on, and leave the machines with no harddrive
at all, and have them reboot with each login/logout.  (Do the machines
have enough memory to run X and the citrix client without swapping ?)

Just a few thoughts.

--Rob

Keyk>
Keyk> I work for a school that has just installed a big Windows NT Terminal
Keyk> Server (4.0.) All the computers around the school (including Macs, PCs,
Keyk> and NetStation (these are TV type cable boxes that are based on Acorn
Keyk> system)) have been setup to to run a program called "Citrix ICA Client"
Keyk> which basically allows the user to log into the WindowsNT server and have
Keyk> a session (this is just like logging into a linux box remotely using X
Keyk> windows etc.)
Keyk>
Keyk> Now, the problem is the computers in the library are very old and are
Keyk> currently running the ICA Client ontop of Window 3.x which makes
Keyk> everything very very sluggish. So we have decided to install linux on all
Keyk> these machines and run the linux ICA Client on them. However, we need to
Keyk> configure the system so that:
Keyk>
Keyk> - When the system boots up it should, if possible without requesting a
Keyk> login, run the ICA Client (which automatically brings up the WindowsNT
Keyk> login screen.)
Keyk>
Keyk> - When the user quits the ICA Client, the program should be restarted
Keyk> (showing the login screen again) automatically.
Keyk>
Keyk> - A user should not ever be able to reach the command line. But an
Keyk> administrator should be able to, say, get access to another run-level
Keyk> where he/she get a login prompt and then a shell.
Keyk>
Keyk> - The linux system should be cut down to the bare essentials, that is,
Keyk> core system, network, and graphical support for the ICA Client.
Keyk>
Keyk> I need some help in understanding what needs to be running/loaded for the
Keyk> graphical interface to be available? In my full installation of RedHat 7.0
Keyk> if I run the ICA Client from run-level 3, I get a "Can't open display"
Keyk> error. Running the program from within Gnome (in run-level 5) however runs
Keyk> the program great. Now how can I avoid Gnome being visible and accessible?
Keyk> Is it possible to load up the graphical support (X server?) and then just
Keyk> run the ICA Client from the command line?
Keyk>
Keyk> I've kind off understood how to control the boot up process using the
Keyk> symbolic link files in the rc.d folder. But do I need to write a script to
Keyk> run the ICA Client or just make a link to it?
Keyk>
Keyk> Any help would be very much appreciated, thank you,
Keyk> Keyk

Quote:> The students will figure out how to root the machine, and how to
> reboot and type "linux single" at the LILO prompt, and other ways of
> using the machine.  I would advise not going down the path of patching
> the various exploits that the kids will come up with.  Instead, just
> acknowledge that it can be done, and take the fun out of it.

Quote:> But you should make some attempt at protection against people running
> a fake screen that will look like the citrix client and capture
> passwords.  A weak way to do this would be to make an easy way to
> completely re-install the system (say have a disk image that you can
> restore from) and do this automatically on a regular basis.  If you
> can make it work, try making a bootable CD out of the linux
> installation you settle on, and leave the machines with no harddrive
> at all, and have them reboot with each login/logout.  (Do the machines
> have enough memory to run X and the citrix client without swapping ?)

What about write access to /var/log/messages ?????

Quote:

> Just a few thoughts.

2. I think it's a good idea to HALT (NOT reboot) the system upon exit
from the ICA client, to force the next user to reboot - this will
prevent any fake screen pranks.

3. Is it possible to run the ICA startup from the boot scripts (the
script should /bin/su -c the_citrix_client  student  citrix arguments)?
Then you need a rescue system to do work on it.

--
Nick Bishop
-----
REAL! A newsgroup called alt.os.windows95.crash.crash.crash
-oOo-

Sent via Deja.com http://www.deja.com/
Before you buy.