Basic Setup
Server-side Changes
Client-side Changes
Adding New Clients

Additional Features
Locking FireFox
PDF Support
Background Image
Printing

Advanced Issues
Securing Connection
Client Firewall
Detect Kiosk Idle
Booting Clients Remotely

Tailored Tools

Linux-based WWW-Kiosk using LTSP 3.0

This brief documentation tells how to build a relatively safe web kiosk using LTSP packages. The LTS project has developed a thin X client that runs its programs in a server. However, the requirements of the project described here were slightly different from LTSP's:

• No need/access for LTS-aware DHCP server
• Hard to hack (the clients should not have any physical filesystem, only a read-only NFS)
• Run X server and all applications locally and not on server as in model of LTSP
• Run programs on normal UID (see su_kiosk.c)
• LDAPS authentication (own GTK-based tool and stunnel for SSL)
• Different profiles for kiosks (authentication, firewall, browser's settings)

Theory of Operation

When installed, the LTSP WWW Kiosk server:

• Provides run-time kernel, kernel parameters and initial filesystem (initrd) via https
• Provides run-time filesystem via read-only SSL-secured NFS filesystem

The Kiosk client:

• Contains boot-time kernel, which retrieves the run-time kernel, kernel parameters and initial filesystem (initrd) from the server
• Uses the SSL-secured NFS file system after the boot, so all binaries are retrieved from the server
• Client behaviour (authentication, printing etc) can be controlled by editing client variables and xinitrc script
• The client does not contain any local filesystem

Main Steps for Setup

1. Install the LTSP 3.0 as documented in the LTSP site
2. Make server-side changes
3. Make client-side changes
   
   At this point you should have a working WWW Kiosk client-server environment. However, if you are running the server in an unsecure network, you may be worried about security issues.
    
4. How to reduce risk of man-in-a-middle attacks
5. Many enviroments would like to allow printing

Most recent updates

• Kiosk patch for xpdf 3.02pl1 is available (2-AUG-2007)
• Changes in site design (30-MAR-2006)
• Kiosk patch for xpdf 3.01pl2 is available (14-FEB-2006)
• Kiosk patch for xpdf 3.01pl1 is available (22-DEC-2005)
• Kiosk patch for xpdf 3.01 is available (1-NOV-2005)
• kiosk_login 1.0.4.2 contains some bugfixes (24-AUG-2005)

TODO

• Take a look at R-Kiosk FireFox extension
• Take a look at http://www.eng.uwaterloo.ca/twiki/bin/view/Linux/FirefoxLockdown - any hints how to make easier to adopt new FireFox versions
• FireFox 1.5 kiosk patch, disable about:config