Thanks for the answers. Yes, it would be fine, if Sage could use other authentication systems, and run processes in the name of other users.
I'm quite new to Sage developping, but in next month I will try to implement this features. Most of the ftp servers do the same (the user types name and password, and gets in home directory) so it must be easy :) Peter Mora On Wed, Jul 22, 2009 at 8:29 PM, William Stein<wst...@gmail.com> wrote: > > On Wed, Jul 22, 2009 at 11:21 AM, nrbruin<nbr...@sfu.ca> wrote: >> >> I have wondered about Peter's problem as well. Particularly in larger >> classes, one wouldn't necessarily trust all students to behave nicely. >> In those cases, it would be nice to have a sage notebook that runs a >> little more locked down. >> >> As a point of feedback that some of the sage advocates might care >> about: >> The security concerns have prevented me from asking the local >> sysadmins to install a student-accessible notebook server. If we had >> one, I would be more inclined to include some sage-based assignments >> in courses (I have tried before, relying on the public servers - with >> mixed results) >> >> A partial solution would be to have a "sage coursework appliance", >> running as a virtual machine. In a virtual machine, there would be no >> problem binding (local) unix UIDs to sage notebook server accounts. >> Then the sage engine could be run setuid-ed to the corresponding user >> id, thus shielding students more properly from each other. Plus, an >> expert would only have to do all the setroot jailing etc. once, for >> the benefit of everybody else. I wouldn't trust myself, or the average >> sysadmin, with setting up a proper setroot jail. >> >> If there were an admin page where one can manage accounts in a big >> table (class list upload?), it could be quite straightforward to set >> up accounts for the course. >> >> In fact, there are universities that have a central authentication >> service, such as http://www.jasig.org/cas. If sage's authentication >> were to be made pluggable, plugging into services like that would be >> not particularly difficult and means you don't have to do any password >> management. There is a trusted third party that will vouch for the >> user's identity. All you're left with is to decide if that user is >> authorized to use the service. That means no handing out of login >> details in class! It also means that students are using the service >> with an account that is definitely trackable to them. That's a >> deterrent to misbehaviour. >> >> Perhaps William feels inclined to consider these options when he >> starts working on the notebook in September? He'll probably come up >> with much better solutions. > > Yep, that's exactly my plan. I think everybody agrees that a > trivial-to-use implementation of > the sort of backed infrastructure you describe above would vastly > increase the potential deployability of Sage. Many thanks for > clearly laying out what users need above. > > William > >> >> > >> > > > > -- > William Stein > Associate Professor of Mathematics > University of Washington > http://wstein.org > > > > --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-devel@googlegroups.com To unsubscribe from this group, send email to sage-devel-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
