IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 23 November 2013   (all times are UTC)

00:45PieOrCake has left IRC (PieOrCake!65a12333@gateway/web/freenode/ip.101.161.35.51, Ping timeout: 250 seconds)
00:45xcom has left IRC (xcom!~wtf@pdpc/supporter/professional/seri, Ping timeout: 245 seconds)
00:57xcom has joined IRC (xcom!~wtf@pdpc/supporter/professional/seri)
01:06clepto has joined IRC (clepto!~chadlepto@unaffiliated/chadlepto)
01:09ChadLepto has left IRC (ChadLepto!~chadlepto@unaffiliated/chadlepto, Ping timeout: 265 seconds)
01:13clepto is now known as ChadLepto
01:30lns has left IRC (lns!~lns@pdpc/supporter/professional/lns, Remote host closed the connection)
01:34gbit has left IRC (gbit!~chatzilla@unaffiliated/gbit, Quit: ChatZilla 0.9.90.1 [Firefox 25.0.1/20131112160018])
01:36vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
02:19ChadLepto has left IRC (ChadLepto!~chadlepto@unaffiliated/chadlepto, Ping timeout: 272 seconds)
02:34ChadLepto has joined IRC (ChadLepto!~chadlepto@unaffiliated/chadlepto)
02:58alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
03:04lns has joined IRC (lns!~lns@pdpc/supporter/professional/lns)
03:06vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
03:44
<alkisg>
sbalneav: now that the local user account is always created, it'd be nice to have the ssh socket owned by him, so that localappsd, remoteapps etc can be run as that user too,
03:44
...how could we do that?
03:44
One idea is for ldm to do 2 ssh connections, the first one as root as it is now,
03:45
and then, once the local user account is set up, for ldm to close the first ssh connection and initiate another, as the local user
03:46
Another idea, is that since we're doing username mapping and not uid mapping, to create the ssh socket as some "ldm user", and then after login, to modify the "ldm" username to $USER
03:47
Unfortunately `chown user:user ssh_socket` doesn't seem to work for ssh -S commands later on... so those ^ 2 solutions are the only ones I can think of
03:54
<vagrantc>
libpam_sshauth basically creates two sockets
03:55
first as root, second as the user
03:55
or at least the hooks we run with pam_exec
03:56
<alkisg>
How does it do that? With 2 logins?
03:57Fenuks has joined IRC (Fenuks!~Fenuks@176.51.94.137)
04:00
<alkisg>
I think it's using shm_askpass to retrieve the password from the pam stack, so I think it's doing 2 logins, yeah
04:01
<vagrantc>
yeah
04:02
http://bazaar.launchpad.net/~vagrantc/ltsp/ltsp-pam-examples/view/head:/ltsp-pam/ltsp-session
04:03* alkisg is wondering how much of a "rewrite" it would be to make the newer ldm depend on and use libpam_sshauth...
04:06
<vagrantc>
just to open and close the socket?
04:06
<alkisg>
No, in order to progressively move forwards to ltsp 6
04:06
<vagrantc>
sure
04:06
<alkisg>
It'll take many months to prepare the code base for ldm removal
04:06
<vagrantc>
the more incremental the better
04:07
<alkisg>
While if e.g. making ldm depend on libpam_sshauth only took a few days... then we could continue from there
04:08
Move the scripts we can so that they're called from pam hooks, but leave the scripts that we can't as they are now,
04:09
remove all of the user account creation code from the scripts since libpam_sshauth would do it for us, run ltsp-localappsd as that user, ...
04:09
<vagrantc>
i like the idea in theory, but it doesn't sound like a non-trivial project to add pam support to LDM
04:10
<alkisg>
Not pam support, just local login support
04:10
<vagrantc>
how would LDM pass the password on to libpam_sshauth ?
04:11
<alkisg>
It wouldn't; it would pass it to e.g. login or to su
04:11
Write it to its stdin
04:11
<vagrantc>
so screenscraping a local program instead of over an ssh connection?
04:11
<alkisg>
Something like that, yup
04:11
<vagrantc>
we don't really have any more control on their output that we do on ssh
04:13
but i guess it could work
04:14
<alkisg>
It wouldn't solve the password expiry problem, yeah, it would just allow us to progressively move forward
04:17
...or we could just reimplement the libpam_sshauth logic so that we have 2 sockets, similar hooks etc
04:24
<vagrantc>
i had experimented with using libpam-sshauth for things other than display managers, at one point.
04:27
<alkisg>
I tried screen-scraping a local login with "login" and "expect", it was quite easy
04:28
I don't see why replacing ssh screen scraping with login screen scraping would be hard...
04:33
vagrantc: should I try to change LDM's ssh.c to login.c so that we move forward with LTSP 6 that way?
04:33
Or, sbalneav, could you? ^
04:41
vagrantc: the first LDM implementation was in python, right? Why was that changed, for RAM issues, for chroot size, ...?
04:42
After login, python doesn't have to keep running, so I don't think there are RAM issues involved, just the size a couple of MB for python-glade etc...
04:43
*just the chroot size
04:44adrianorg has left IRC (adrianorg!~adrianorg@177.132.221.243, Ping timeout: 272 seconds)
04:44
<vagrantc>
alkisg: speed issues
04:44
<alkisg>
Ah
04:44
<vagrantc>
in addition
04:45
alkisg: i think copying ssh.c to another plugin and calling that ... it supports multiple plugins, at least in theory
04:45* vagrantc notes that the rdp plugin uses rdesktop
04:45adrianorg has joined IRC (adrianorg!~adrianorg@177.132.221.243)
04:46
<alkisg>
vagrantc: we would drop ssh.c if we made ldm depend on libpam_sshauth...
04:46
So that we're then able to move the hooks in the proper place
04:46
If you agree, I can start testing that today already
04:47
<vagrantc>
alkisg: but for a quick hack-up, implementing it side-by-side ...
04:47
<alkisg>
OK, and once we verify that it works, we drop ssh.c?
04:47
<vagrantc>
i think it would be an interesting approach...
04:47
oh, it wouldn't support ssh keys...
04:48
well, maybe libpam-sshauth supported ssh keys...
04:48* vagrantc forget
04:48* alkisg has this morning free and he wants to do some ltsp-related work... :)
04:49
<vagrantc>
i should join you!
04:49
<alkisg>
I've succeeded with the user pulse thing, but it feels wrong to run local user processes just for pulse, so I don't want to do that until we're ready for localappsd etc as well
04:50
And for that we need the user-owned ssh socket, that's why I'm asking about ldm/libpam_sshauth...
04:50
<vagrantc>
alkisg: i wouldn't say it's wrong to run just pulse as the local user...
04:50
alkisg: incremental progress
04:50
<alkisg>
It'd be ran by a pam hook then
04:50
<vagrantc>
right
04:51
doing the /bin/login hack?
04:51
<alkisg>
Right, that's how I suggest we move forward
04:51
<vagrantc>
although, i really just want to roll out some uploads, get that out of the way
04:51
<alkisg>
First, I implement the /bin/login hack with a new login.c for ldm
04:52* alkisg doesn't need to commit login.c to trunk yet, np there
04:52
<vagrantc>
sure
04:52
<alkisg>
If that's a good way forward though, I can try to implement it today
04:52
That would mean that your next upload of ldm would depend on libpam_sshauth....
04:53
<vagrantc>
unless i try to beat your implementation by uploading now! :)
04:53
<alkisg>
I mean your upload after the one you plan for this weekend, in a few weeks or so
04:54
So if we want to move forward with ltsp 6 by first depending on libpam_sshauth WHILE keep using LDM, then I can start hacking today :)
04:55
<vagrantc>
i think it's worth trying
04:55
you say epoptes is ready for upload?
04:55
<alkisg>
Yes, except for the usual versioning commit
04:56
<vagrantc>
the upstream, or debian versioning?
04:56
<alkisg>
The upstream one
04:57
vagrantc: that one: http://bazaar.launchpad.net/~epoptes/epoptes/trunk/revision/327
04:58
(and the debian/changelog versioning too, of course, like r328...)
04:58
vagrantc: is the libpam_sshauth README enough to set it up in an ltsp chroot?
04:59
Or do I need to read any notes in the web you or sbalneav might have?
05:00
<vagrantc>
i dunno, i just built the ltsp-pam package 6 or so months ago and forgot whhat i'm doing
05:04lns has left IRC (lns!~lns@pdpc/supporter/professional/lns, Remote host closed the connection)
05:04
<alkisg>
Meh, login needs 4 MB RAM :
05:07* alkisg tests sudo instead...
05:08ChadLepto has left IRC (ChadLepto!~chadlepto@unaffiliated/chadlepto, Ping timeout: 252 seconds)
05:10
<vagrantc>
or su
05:14alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 272 seconds)
05:25ChadLepto has joined IRC (ChadLepto!~chadlepto@unaffiliated/chadlepto)
06:41
<vagrantc>
alkisg: some bad news... epoptes daemon doesn't start on jessie
06:43Fenuks has left IRC (Fenuks!~Fenuks@176.51.94.137, Ping timeout: 264 seconds)
06:51gdi2k has joined IRC (gdi2k!~gdi2k@112.198.243.248)
07:57
<vagrantc>
well, nothing's broken ltsp just yet...
08:43vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
09:03telex has left IRC (telex!~telex@freeshell.de, Remote host closed the connection)
09:04bennabiy has left IRC (bennabiy!~Thunderbi@24-181-55-79.dhcp.gnvl.sc.charter.com, Ping timeout: 272 seconds)
09:04bennabiy has joined IRC (bennabiy!~Thunderbi@24-181-55-79.dhcp.gnvl.sc.charter.com)
09:04telex has joined IRC (telex!~telex@freeshell.de)
09:56freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
10:44freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Ping timeout: 272 seconds)
10:59freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
11:14lmds_ has left IRC (lmds_!~lmds@tui.pi-et-ro.net, Ping timeout: 264 seconds)
11:15lmds_ has joined IRC (lmds_!~lmds@213.41.240.245)
12:27khildin has joined IRC (khildin!~khildin@ip-213-49-83-180.dsl.scarlet.be)
12:59alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
13:26markit has joined IRC (markit!~marco@88-149-177-66.v4.ngi.it)
13:26
<markit>
!grub-ipxe
13:26
<ltsp>
grub-ipxe: http://packages.ubuntu.com/grub-ipxe can be used to add a "Boot from network" option to grub2.
13:26
<markit>
!win32-loader
13:26
<ltsp>
win32-loader: win32-loader.exe adds a "PXE - Network boot" option to the Windows boot manager. It's developed for Debian and it uses http://ipxe.org for the network booting. Download it from http://ftp.debian.org/debian/tools/win32-loader/stable. More info at http://goo.gl/FPD7Zv
13:34
<markit>
!proxydhcp
13:34
<ltsp>
proxydhcp: A proxy DHCP server is defined by the PXE specification as a server which sends auxiliary boot information to clients, like the boot filename, tftp server or rootpath, but leaves the task of IP leasing to the normal DHCP server. More info: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP
13:45
<markit>
alkisg: I'm revisioning some of my notes, I've a dubt not understanding what I'm talking about but just seeing the same config
13:46
time ago you told me about /etc/nbd-server/conf.d/ltsp_i386.conf:[/opt/ltsp/i386] instead of /etc/nbd-server/conf.d/ltsp_i386.conf:[:ltsp_i386]
13:46
looking at https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP
13:47
in troubleshooting is cited a ":ltsp_i386"
13:47
is that too to become "/opt/ltsp/i386" if I use greek repo (or more recent ltsp version than the one in 12.04)?
13:47
or is totally unrelated?
13:51
<alkisg>
markit: yes, it's as you say it
13:58alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
14:03
<markit>
ok, fixed the wiki "for more recent version of ltsp"
14:26Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
14:34Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Ping timeout: 246 seconds)
14:42Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
15:15markit has left IRC (markit!~marco@88-149-177-66.v4.ngi.it, )
15:32christophe_y2k has joined IRC (christophe_y2k!~christoph@man06-3-78-237-22-85.fbx.proxad.net)
15:49bennabiy has left IRC (bennabiy!~Thunderbi@24-181-55-79.dhcp.gnvl.sc.charter.com, Remote host closed the connection)
15:50bennabiy has joined IRC (bennabiy!~Thunderbi@24-181-55-79.dhcp.gnvl.sc.charter.com)
15:59gbit has joined IRC (gbit!~chatzilla@189-73-163-70.cslce700.dsl.brasiltelecom.net.br)
15:59gbit has joined IRC (gbit!~chatzilla@unaffiliated/gbit)
16:06alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
16:47alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 252 seconds)
16:57alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
16:59Mava has left IRC (Mava!~Mava@ip-45-201.dhcp.opintanner.fi, Ping timeout: 272 seconds)
17:10alkisg1 has joined IRC (alkisg1!~alkisg@ubuntu/member/alkisg)
17:13alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 246 seconds)
17:28alkisg1 is now known as alkisg
19:24laprag has joined IRC (laprag!~laprag@ti0071a380-dhcp1620.bb.online.no)
19:50freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Ping timeout: 246 seconds)
20:06freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
20:22adrianorg has left IRC (adrianorg!~adrianorg@177.132.221.243, Read error: Connection reset by peer)
20:26adrianorg has joined IRC (adrianorg!~adrianorg@189.58.229.102.dynamic.adsl.gvt.net.br)
21:21alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
21:35alexqwesa has left IRC (alexqwesa!~alex@109.172.12.47, Remote host closed the connection)
21:44khildin has left IRC (khildin!~khildin@ip-213-49-83-180.dsl.scarlet.be, Quit: I'm gone, bye bye)
21:51gdi2k_ has joined IRC (gdi2k_!~gdi2k@120.28.232.172)
21:53laprag has left IRC (laprag!~laprag@ti0071a380-dhcp1620.bb.online.no, Remote host closed the connection)
21:54gdi2k has left IRC (gdi2k!~gdi2k@112.198.243.248, Ping timeout: 248 seconds)
21:55laprag has joined IRC (laprag!~laprag@ti0071a380-dhcp1620.bb.online.no)
21:56alexqwesa has joined IRC (alexqwesa!~alex@109.172.12.47)
21:56laprag has joined IRC (laprag!~laprag@ti0071a380-dhcp1620.bb.online.no)
22:01laprag has left IRC (laprag!~laprag@ti0071a380-dhcp1620.bb.online.no, Ping timeout: 264 seconds)
22:08vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
22:10hs366 has joined IRC (hs366!~hs366@94.254.45.76)
22:12
<vagrantc>
Phantomas: had problems with epoptes
22:12
Phantomas: the daemon wouldn't start
22:13
<Phantomas>
vagrantc: hey, yeah, alkisg told me
22:13
<vagrantc>
i can dig up an error log somehwere
22:13
<Phantomas>
we'll check it out tomorrow (Sunday)
22:13
<vagrantc>
ok
22:13
<Phantomas>
that'd be useful
22:13
<vagrantc>
my test environment was Debian Jessie
22:13alexqwesa has left IRC (alexqwesa!~alex@109.172.12.47, Ping timeout: 272 seconds)
22:14
<vagrantc>
and from a tty, not X
22:15
<Phantomas>
the daemon should start from a tty too, so, i need to check it!
22:15
<vagrantc>
sure
22:15
<Phantomas>
If you could find the log, it would be a great help
22:16
although i will probably download jessie to test it real time, i could get an idea from the log
22:17* vagrantc digs up the error log
22:17alexqwesa has joined IRC (alexqwesa!~alex@109.172.12.47)
22:19
<vagrantc>
Phantomas: http://paste.debian.net/67418
22:20
Phantomas: it worked fine with the earlier version of epoptes, so i had a working configuration
22:20
oh, i didn't try a clean install, maybe there was an upgrading problem...
22:20freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Quit: So long and thanks for all the fish)
22:21
<vagrantc>
looks like it's looking for a config file in root's homedir?
22:21
specifically, /root/.config/epoptes/
22:22
<Phantomas>
Hm, yep... You're with trunk, or latest release?
22:22
<vagrantc>
Phantomas: building from trunk, was hoping to upload a new release to debian
22:22
<Phantomas>
yes, I remember, just confirming :)
22:23hs366 has left IRC (hs366!~hs366@94.254.45.76, Quit: Leaving)
22:23
<Phantomas>
ok that was helpful, I will check it out and keep you informed
22:24
<vagrantc>
great
22:24* vagrantc should've posted to the mailing list, i guess
22:24
<Phantomas>
It probably isn't an upgrading problem, so don't bother checking
22:24
<vagrantc>
seems like a daemon should be looking in /etc for a config file, not in root's homedir
22:25freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
22:25
<Phantomas>
yep indeed, it's the config module that messes it up
22:25
<vagrantc>
and alkisg said it was all ready to go :)
22:26
<Phantomas>
nah, not his fault, I told him so... :(
22:26
<vagrantc>
if you can get it ready tomorrow, then i can upload monday hopefully
22:27
otherwise it may be another week or two
22:27
<Phantomas>
No, expect it tomorrow!
22:27
<vagrantc>
of course, end of sunday your timezone is actually probably mid-sunday mine :)
22:28
<Phantomas>
UTC+2 here
22:31
Sorry for the trouble! I guess I need to test in a fresh installation before a release
22:32adrianorg has left IRC (adrianorg!~adrianorg@189.58.229.102.dynamic.adsl.gvt.net.br, Ping timeout: 252 seconds)
22:34adrianorg has joined IRC (adrianorg!~adrianorg@177.156.230.206)
23:52
<vagrantc>
eesh. forgot to look over the bug reports...
23:52
that'll delay upload a bit.