HowTos for users
Every user should change her or his password by using GOsa². To do so, just use a browser and go to https://www/gosa/.
Using GOsa² to change the password ensures that Kerberos (krbPrincipalKey), LDAP (userPassword) and Samba (sambaNTPassword and sambaLMPassword) passwords are the same.
Changing passwords using PAM is working (ie at the KDM/GDM login prompt), but this will only update the Kerberos password, and not the Samba and GOsa² (LDAP) password. So after you changed your password at the login prompt, you really should also change it using GOsa².
Running standalone Java applications
Standalone Java applications are supported out of the box by the OpenJDK Java runtime.
Running Java applications in the web browser
Running Java applets in the browser are supported out of the box by the OpenJDK Java runtime.
All users can send and receive mails within the internal network. To allow mail outside the internal network, the adminstrator needs to configure the mailserver exim4 to suit the local situation, starting with dpkg-reconfigure exim4-config.
Every user who wants to use KMail (or Icedove, not installed by default) needs to configure it as follows. For a user with username jdoe the internal email address is firstname.lastname@example.org.
- Start KMail
- Close the tip of the day
- Cancel the Account Assistant
- Open Settings/Configure KMail
- Modify the default identity
- enter your email address
- make sure that 'postoffice.intern' is the default domain (tab Advanced)
- click OK
- Choose Accounts out of the menu
- click add
- choose imap-server (get rid of KWallet each time it pops up)
- enter 'intern' as account name and 'postoffice.intern' as imap server
- check if the username is present
- don't enter the password, as Kerberos single sign on will be used
- click the tab Advanced
- click 'Auto detect', then change Authentication manually from 'Login' to 'GSSAPI'
- click ok
- accept the certificate (forever)
- click ok
- Open Settings/Configure KMail to configure Sending
- click Add
- enter 'intern' as name and set it as default, choose SMTP
- click 'Create and Configure'
- enter 'postoffice.intern' as outgoing server name
- check 'server requires authentication'
- enter username; again, omit the password
- click OK
- click on the just configured server entry, click 'Modify'
- click advanced configuration
- click detect automatically
- click two times OK
- You should now be able to read your welcome email (next message).
- Start Icedove
- Click 'Skip this and use my existing email'
- Enter your email address
- Uncheck 'Remember password'
- Don't enter your password as Kerberos single sign on will be used
- Click 'Continue'
- Click 'Manual config'
- Under Authentication, change it to 'Kerberos/GSSAPI' for SMTP as well
- Click 'Done'
- A warning pops up, check 'I understand the risks' and click 'Done'
- First time accessing the inbox click 'Confirm Security Exception' to accept the certificate
Obtaining a Kerberos ticket to read email on diskless workstations
If working on a diskless workstation, you don't have a Kerberos TGT by default. To get one, click the credentials button in the system tray. Enter your password and the ticket will be granted.
On thin clients, pavucontrol or alsamixer (but not kmix) can be used to change audio volume.
On other machines (workstations, LTSP servers, and diskless workstations), kmix or alsamixer can be used.