Basic Setup
Server-side Changes
Client-side Changes
Adding New Clients

Additional Features
Locking FireFox
PDF Support
Background Image
Printing

Advanced Issues
Securing Connection
Client Firewall
Detect Kiosk Idle
Booting Clients Remotely

Tailored Tools

Using server certificates with stunnel

stunnel is a useful program for creating SSL-secured tunnels for TCP. For increased security you may want to verify the server key with -v flag. Here is a quote from my script that secures LDAP connections between kiosk_login program and our LDAP server (please note that I'm using stunnel 3.x, while the current version is 4.x):

/usr/sbin/stunnel -c -D 0 -o /dev/null -P none -d localhost:389 \
	-r ldap-internal.it.helsinki.fi:636 \
	-v 2 -A /etc/HY-CA.pem

The script is located in client's /etc/rc.d/ and executed using lts.conf RCFILE_x feature.

stunnel needs openssl libraries as you can see with ldd tool (e.g. ldd /usr/sbin/ldd). You also have to have the stunnel configuration file. My configuration file was located in /usr/share/ssl/openssl.cnf, you mileage may vary.