Debian Edu Networked common packages

Autofs controls the operation of the automount daemons. The automount daemons automatically mount filesystems when they are used and unmount them after a period of inactivity. This is done based on a set of pre-configured maps.

The kernel automounter implements an almost complete SunOS style automounter under Linux. A recent version of the kernel autofs4 module (builtin or separate) is required.

This is the LDAP module of the autofs.

This package provides cups-browsed, a daemon which browses the Bonjour broadcasts of shared remote CUPS printers and makes the printers available locally, replacing the CUPS broadcasting/browsing which was dropped in CUPS 1.6.x. This way the old behavior of having the remote printers available automatically is now re-implemented with Bonjour.

cups-browsed is also useful with a CUPS >= 1.6 client to allow the latter to browse the printer list of CUPS < 1.6 servers (by using the old 'cups' protocol in BrowseRemoteProtocols).

cups-browsed is also useful with a CUPS >= 1.6 server to allow CUPS < 1.6 clients to browse its printer list (by using the old 'cups' protocol in BrowseLocalProtocols).

The Common UNIX Printing System (or CUPS(tm)) is a printing system and general replacement for lpd and the like. It supports the Internet Printing Protocol (IPP), and has its own filtering driver model for handling various document types.

This package provides the parts of CUPS which are needed for driverless printing on IPP printers with common data formats.

A metapackage containing dependencies for packages required on all installations in the Debian Edu Blend.

killer is a perl script that gets rid of background jobs. Background jobs are defined as processes that belong to users who are not currently logged into the machine. Jobs can be run in the background (and are exempt from killer's actions) if their scheduling priority has been reduced by increasing their nice(1) value or if they are being run through condor.

When the package is installed, a cron job is installed to run killer once an hour.

Kerberos is a system for authenticating users and services on a network. Kerberos is a trusted third-party service. That means that there is a third party (the Kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals").

This is the MIT reference implementation of Kerberos V5.

This package contains the basic programs to authenticate to MIT Kerberos, change passwords, and talk to the admin server (to create and delete principals, list principals, etc.).

This package provides utilities from the OpenLDAP (Lightweight Directory Access Protocol) package. These utilities can access a local or remote LDAP server and contain all the client programs required to access LDAP servers.

From a first glance ldapvi looks like ldapsearch: You search for entries in the ldap database. But the results get opened in your preferred editor, and you can change, add or delete entries from there. After you are done you quit the editor and ldapvi offers you several options: View your changes as LDIF, commit changes or discard them.

This package provides a Name Service Switch module that allows using an LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that would normally be retrieved from /etc flat files or NIS.

This is the Cyrus SASL API implementation, version 2.1. See package libsasl2-2 and RFC 2222 for more information.

This package provides the GSSAPI plugin, compiled with the MIT Kerberos 5 library.

Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration.

This package contains the daemon for the nodes being monitored. You should install it on all the nodes in your network. It will know how to extract all sorts of data from the node it runs on, and will wait for the gatherer to request this data for further processing.

Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent RRDtool. To see a real example of Munin in action, you can follow a link from http://munin-monitoring.org/ to a live installation.

Use this package on any machine that uses NFS, either as client or server. Programs included: lockd, statd, showmount, nfsstat, gssd, idmapd and mount.nfs.

Includes tools to dump and look up hosts, users and domains from the netgroup database. The netgroup tool is used to list all members of a netgroup, while the innetgr tool is used to check if a given user/host is listed as a member of a netgroup.

This package provides a daemon for retrieving user accounts and similar system information from LDAP. It is used by the libnss-ldapd and libpam-ldapd packages but is not very useful by itself.

nvram-wakeup can read and write the wake up time in the BIOS (via /dev/nvram on recent 2.4.x kernels or direct I/O port access). On this wake up time the computer will be powered on automatically from the soft-off state. For the video disc recorder VDR, nvram-wakeup installs a hook script, that allows VDR to set a wake up time, when it powers down.

This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.

Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.

This package provides the sshd server.

In some countries it may be illegal to use any encryption at all without a special permit.

sshd replaces the insecure rshd program, which is obsolete for most purposes.

p910nd is a small daemon that copies any data received on the port it is listening on to the corresponding printer port.

It is primarily intended for diskless Linux hosts running as printer drivers but there is no reason why it could not be used on diskful hosts.

Port 9100 is copied to /dev/lp0, 9101 to /dev/lp1 and 9102 to /dev/lp2. The default is port 9100 to /dev/lp0.

With this tool you can schedule regular shutdowns of workstations in the evening, and also wake them up every morning, using either nvram-wakeup, ACPI wakeup or wake-on-lan.

For the wake-on-lan wake-up sequence you need one awake machine on your local network / subnet. This can be a server machine or a client machine that got just previously woken up by nvram-wakeup.

The shutdown sequence will be initiated hourly after 4pm via a CRON job. However, only machines that appear inactive / unused will be shut down. Machines that are currently in use will remain up and running.

The Shutdown-at-Night tool can be activated via a config file or via membership in a NIS netgroup called shutdown-at-night-hosts.

The sitesummary system makes it easier to keep track of a lot of machines, by allowing each machine to report their existence once a day to a central collector, and using this collector to make summary reports about the hosts.

This package is the client part, reporting in to the server after boot and once a day.

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.

sudo-ldap will be supported up to Debian 13 "trixie" and will be removed in Debian 14. Please do not use sudo-ldap for new installations and consider migrating your existing installations to libsss-sudo and sssd.

This version is built with LDAP support, which allows an equivalent of the sudoers database to be distributed via LDAP. Authentication is still performed via pam.

The SMB/CIFS protocol provides support for cross-platform file sharing with Microsoft Windows, OS X, and other Unix systems.

This package provides utilities for managing mounts of CIFS network file systems.

Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.

By default, it comes with filter expressions for various services (sshd, Apache, proftpd, sasl, etc.) but configuration can be easily extended for monitoring any other text file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. Following recommends are listed:

• iptables/nftables -- default installation uses iptables for banning. nftables is also supported. You most probably need it
• whois -- used by a number of mail-whois actions to send notification emails with whois information about attacker hosts. Unless you will use those you don't need whois
• python3-pyinotify -- unless you monitor services logs via systemd, you need pyinotify for efficient monitoring for log files changes

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

This package provide the nss library to connect to the sssd daemon.

This package provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable. Used in conjunction with the nss_updatedb utility, it provides a mechanism for disconnected use of network directories. They are designed to work with libpam-ldap and libnss-ldap.

This module is aimed at environments with central file servers that a user wishes to mount on login and unmount on logout, such as (semi-)diskless stations where many users can login.

The module also supports mounting local filesystems of any kind the normal mount utility supports, with extra code to make sure certain volumes are set up properly because often they need more than just a mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE, dm-crypt and LUKS.

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

This package provide the pam module to connect to the sssd daemon.

A daemon which handles passwd, group and host lookups for running programs and caches the results for the next query. You should install this package only if you use slow services like LDAP, NIS or NIS+.

Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator to keep track of the hardware and software configurations of computers that are installed on the network. It also allows deploying software, scripts and files on client computers.

This package contains the client part.