What is DeCaf
DeCaf is a collection of pieces of software that, if put together, allow you to run an internet café, or something similar. It it based on the concept of “timecode” – 5 letter codes that customers buy and can use to access your workstation for a specified amount of time.
- Fits nicely in the GNU/Linux system, by integrating into the PAM system
- No username/password combination required, just a simple 5 letter code.
- Uses one specified unix account only.
- Any changes by the customer are reverted upon logout.
- PostgreSQL database server somewhere in the network
- unionfs kernel module
Setting up the server
- Install the decaf-db package. It automatically set up a database, if you let it. Remember the username you gave it.
- Configure postgresql to allow access from the workstations.
If you do not want to use the decaf-db package, you can set up the database yourself. You can find the database scheme in the decaf-doc package as file /usr/share/doc/decaf-doc/decaf-database-scheme.sql or under http://svn.debian.org/wsvn/decaf/trunk/doc/decaf-database-scheme.sql. Create a user with write permissions to the database.
From now on, we assume that the database has the name “decaf”, the user is called “decaf” and the database runs on the host “dbhost”.
Setting up a workstation
Install the package decaf-workstation. If they are available in one of your apt repositories, run apt-get install decaf-workstation, otherwise download them from http//decaf.alioth.debian.org/ and install using dpkg -i.
- It will ask what system user account should be used for decaf, and optionally creates it, if it does not exist yet.
- It will also ask the database informations: host, database name, user and password
The configuration file for DeCaf, /etc/decaf.conf will be created and protected with chmod 600 /etc/decaf.conf. For this example, it would contain these lines:
database=decaf host=localhost user=decaf password=secret decaf_user=decaf
Configure pam-mount. Create the directory /var/run/decaf/union-rw. In the file /etc/security/pam_mount.conf, change the unmount-list to:
umount /bin/umount -l %(MNTPT)
and add these lines
volume decaf tmpfs - tmpfs /var/run/decaf/union-rw mode=700,uid=decaf - - volume decaf unionfs - unionfs /home/decaf dirs=/var/run/decaf/union-rw=rw:/home/decaf=ro - -
Modify the pam setup for the desired login method, in this case, /etc/pam.d/gdm:
auth [ignore=reset system_err=reset default=done] pam_decaf.so @include common-auth @include common-account @include common-session session required pam_mount.so @include common-password
Handing out timecodes