HowTos for users
Every user should change her or his password by using GOsa². To do so, just use a browser and go to https://www/gosa/.
Using GOsa² to change the password ensures that passwords for Kerberos (krbPrincipalKey), LDAP (userPassword) and Samba (sambaNTPassword and sambaLMPassword) are the same.
Changing passwords using PAM is working also at the GDM login prompt, but this will only update the Kerberos password, and not the Samba and GOsa² (LDAP) password. So after you changed your password at the login prompt, you really should also change it using GOsa².
Running standalone Java applications
Standalone Java applications are supported out of the box by the OpenJDK Java runtime.
All users can send and receive mails within the internal network; certificates are provided to allow TLS secured connections. To allow mail outside the internal network, the administrator needs to configure the mailserver exim4 to suit the local situation, starting with dpkg-reconfigure exim4-config.
Every user who wants to use Thunderbird needs to configure it as follows. For a user with username jdoe the internal email address is firstname.lastname@example.org.
- Start Thunderbird
- Click 'Skip this and use my existing email'
- Enter your email address
- Don't enter your password as Kerberos single sign on will be used
- Click 'Continue'
- For both IMAP and SMTP the settings should be 'STARTTLS' and 'Kerberos/GSSAPI'; adjust if not detected automatically
- Click 'Done'
Obtaining a Kerberos ticket to read email on diskless workstations
If working on a diskless workstation, you don't have a Kerberos TGT by default. To get one, click the credentials button in the system tray. Enter your password and the ticket will be granted.