IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 19 May 2014   (all times are UTC)

00:54gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
01:17PhoenixSTF has left IRC (PhoenixSTF!~rudiservo@78.29.147.214, Quit: Leaving)
01:25gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Read error: No route to host)
01:25gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
01:58gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Ping timeout: 240 seconds)
02:17gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Ping timeout: 264 seconds)
02:40ball has joined IRC (ball!ball@162-202-67-158.lightspeed.livnmi.sbcglobal.net)
02:55gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
03:09andygraybeal has left IRC (andygraybeal!~andy@h212.217.213.151.dynamic.ip.windstream.net, Ping timeout: 240 seconds)
03:28gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Ping timeout: 240 seconds)
04:18gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
04:20ball has left IRC (ball!ball@162-202-67-158.lightspeed.livnmi.sbcglobal.net, Quit: Sleep)
05:12telex has left IRC (telex!~telex@freeshell.de, Remote host closed the connection)
05:14telex has joined IRC (telex!~telex@freeshell.de)
05:19mikkel has joined IRC (mikkel!~mikkel@93.176.85.50)
05:25vmlintu has joined IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi)
06:02mealstrom has left IRC (mealstrom!~Thunderbi@46.63.63.163, Ping timeout: 255 seconds)
06:19gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Remote host closed the connection)
06:21alexxtasi has joined IRC (alexxtasi!~alex@unaffiliated/alexxtasi)
06:24khildin has joined IRC (khildin!~khildin@ip-213-49-85-111.dsl.scarlet.be)
06:38DanSwano has joined IRC (DanSwano!~danswano@93.81.234.22)
06:38Yaann has joined IRC (Yaann!~yleger@online.vlq16.iliad.fr)
06:49gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
07:03gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Ping timeout: 240 seconds)
07:22gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
07:28gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Read error: Connection reset by peer)
07:30gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
07:31gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Read error: Connection reset by peer)
07:32gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
07:41gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Read error: Connection reset by peer)
07:42gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
07:51gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Read error: Connection reset by peer)
07:53gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
08:00gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
08:02gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Read error: Connection reset by peer)
08:02bennabiy has left IRC (bennabiy!~Thunderbi@96-37-209-0.dhcp.leds.al.charter.com, Ping timeout: 258 seconds)
08:03bennabiy has joined IRC (bennabiy!~Thunderbi@96-37-209-0.dhcp.leds.al.charter.com)
08:03gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
08:25mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
08:33gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Ping timeout: 252 seconds)
09:13Yaann has left IRC (Yaann!~yleger@online.vlq16.iliad.fr, Ping timeout: 240 seconds)
09:14khildin has left IRC (khildin!~khildin@ip-213-49-85-111.dsl.scarlet.be, Quit: I'm gone, bye bye)
09:26Yaann has joined IRC (Yaann!~yleger@online.vlq16.iliad.fr)
09:28headexplodingcat is now known as NotExplodingCat
09:30gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
09:35andygraybeal has joined IRC (andygraybeal!~andy@h212.217.213.151.dynamic.ip.windstream.net)
09:45gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Ping timeout: 255 seconds)
09:46Grembler has joined IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net)
09:47pppingme has left IRC (pppingme!~pppingme@unaffiliated/pppingme, Read error: Connection reset by peer)
09:49pppingme has joined IRC (pppingme!~pppingme@unaffiliated/pppingme)
09:51DanSwano has left IRC (DanSwano!~danswano@93.81.234.22, Remote host closed the connection)
09:53gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
09:54DanSwano has joined IRC (DanSwano!~danswano@93.81.234.22)
09:56markosu has left IRC (markosu!marko5@kapsi.fi, Quit: leaving)
09:57markosu has joined IRC (markosu!marko5@kapsi.fi)
10:03markosu has left IRC (markosu!marko5@kapsi.fi, Quit: leaving)
10:04markosu has joined IRC (markosu!marko5@kapsi.fi)
10:17Yaann has left IRC (Yaann!~yleger@online.vlq16.iliad.fr, Ping timeout: 240 seconds)
10:31markosu has left IRC (markosu!marko5@kapsi.fi, Quit: leaving)
10:32markosu has joined IRC (markosu!marko5@kapsi.fi)
10:57NotExplodingCat has left IRC (NotExplodingCat!~workingca@212.122.48.77, Remote host closed the connection)
11:02alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
11:10andygraybeal has left IRC (andygraybeal!~andy@h212.217.213.151.dynamic.ip.windstream.net, Ping timeout: 240 seconds)
11:12rafepren has joined IRC (rafepren!~rafepren@143.107.231.78)
11:16workingcats has joined IRC (workingcats!~workingca@212.122.48.77)
11:26
<DanSwano>
hello all
11:29
I can't start X as a regular user on some machines, the error is "Cannot open virtual console 7 (Permission denied)". On other machines all working correctly
11:29
I use LTSP built from wheezy i386
11:30
LTSP server is Debian Squeeze amd64
11:33
screen script is "kiosk /usr/bin/startfluxbox". When I set screen script to "ldm", X starts. How can I solve this problem?
11:34khildin has joined IRC (khildin!~khildin@ip-213-49-85-111.dsl.scarlet.be)
11:37Faith_ has joined IRC (Faith_!~paty@143.107.231.49)
11:40
<alkisg>
DanSwano: file a bug report against ltsp to get the kiosk mode fixed. Mention that "in non-KMS enabled graphics drivers, root is required to start X".
11:48john3213 has joined IRC (john3213!john3213@static-72-66-66-50.washdc.fios.verizon.net)
11:48gdi2k has left IRC (gdi2k!~gdi2k@222.127.58.191, Ping timeout: 276 seconds)
11:52
<cyberorg>
DanSwano, you can also suid X binary
11:52
alkisg, hi, the issue i was facing was missing -xkb option when epoptes started x11vnc
11:53john3213 has left IRC (john3213!john3213@static-72-66-66-50.washdc.fios.verizon.net)
11:55
<cyberorg>
DanSwano, on suse we have chmod 4777 /usr/bin/Xorg in /usr/share/ltsp/screen.d/kiosk
11:56
alkisg, so authentication was working when using special characters, but shift key and caps lock didn't work at all without -xkb
12:00gdi2k has joined IRC (gdi2k!~gdi2k@222.127.58.191)
12:09
<alkisg>
4777? Doesn't that allow anyone to write to Xorg, thus giving root access (suid) to anyone?
12:09
Maybe it should be 4755..
12:10
<cyberorg>
alkisg, you are right
12:10
<alkisg>
About -xkb, that depends on the source/target keyboard layouts, sometimes it helps, sometimes it hurts to use it...
12:15
<cyberorg>
alkisg, i was trying to log in using epoptes remote control, over a vnc connection, so it was double vnc, till i typed something in shell i didnt notice shift key not having any effect
12:16
<alkisg>
VNC gets confused some times, e.g. if you have caps lock pressed in the target computer, you need to press caps lock *outside* VNC to get to the same shift state as the target computer...
12:16* alkisg waves
12:16alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
12:29book` has left IRC (book`!~book`@192.241.198.49, Quit: ERC Version 5.3 (IRC client for Emacs))
12:31book` has joined IRC (book`!~book`@192.241.198.49)
12:33markit has joined IRC (markit!~marco@host208-38-static.243-95-b.business.telecomitalia.it)
13:08
<DanSwano>
thanks for help but now I have another problem: Invalid argument for -config
13:09monkwitdafunk has joined IRC (monkwitdafunk!~AndChat49@24.114.22.163)
13:09F-GT has joined IRC (F-GT!~phantom@ppp59-167-136-109.static.internode.on.net)
13:12
<DanSwano>
I can't see full xinit commandline but I think it's correct
13:19Grembler has left IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net, Quit: I Leave)
13:47cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Remote host closed the connection)
14:01bebep has joined IRC (bebep!502128c2@gateway/web/freenode/ip.80.33.40.194)
14:01
<bebep>
hi everybody
14:02
i have a problem. I'm using LTSP Fat clients. When the xscreensaver is active and you enter your user and password, it does not work. I think it's because your user does not appear in /etc/shadow
14:03
<||cw>
bebep: what os/version? I do real that being a problem, but i thought there was a solution by now
14:03
real/recall/
14:03
<bebep>
server: Ubuntu 12.04
14:04
happened to everybody?
14:09
<Hyperbyte>
bebep, I think the solution is to use some username/password directory server, like LDAP or (dare I say it?) NIS
14:16
<markit>
just for curiosity, anyone has tried/deployed _ubuntu 14.04 ltsp yet?
14:18
<bebep>
is the problem solved using LDAP/AD?
14:21alexxtasi has left IRC (alexxtasi!~alex@unaffiliated/alexxtasi)
14:21
<||cw>
markit: I've heard it works fine, except for non-english keyboard mapping
14:21
but that's an overall ubuntu issue
14:22cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
14:22
<Hyperbyte>
markit, yeah, I have. I actually just upgraded 12.04. Apart from some theme issues, it works pretty well.
14:23
<bebep>
but
14:23
anybody WORK LOCK the screen?
14:23
and UNLOCK
14:23
?
14:24
<markit>
||cw: mmm I'm in Italy, bad bad news
14:24Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
14:24
<||cw>
bebep: might have been ltsp-pnp that solves it
14:24
<markit>
Hyperbyte: what DE? (I was using KDE)
14:25
<bebep>
LTSP PNP?
14:26
<Hyperbyte>
markit, guh-nome!
14:26
bebep, yes, use LDAP.
14:27
<bebep>
only using LDAP/AC fix the problem? with likewise-open to join to domain, for example?
14:30
<Hyperbyte>
bebep, the problem is that the LTSP clients don't store the user password in /etc/shadow. This would be insecure.
14:31
And also unneeded, as LTSP clients authenticate once on startup and then shouldn't need the password again.
14:31
So when your screensaver/locker needs to authenticate the user, it can't, because the user has no password.
14:32
One way to remedy this is to set up a directory server in your network, like OpenLDAP or 389-DS, and then make the LTSP clients also LDAP clients, so they have all user info.
14:34
<bebep>
xD, i use fat clients, with lxde. if the clients do not lock the screen, and go to eat for example, when they go back, another user can use the pc
14:35Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas, Quit: Leaving.)
14:37bebep has left IRC (bebep!502128c2@gateway/web/freenode/ip.80.33.40.194, Quit: Page closed)
14:45mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 240 seconds)
14:51mikkel has left IRC (mikkel!~mikkel@93.176.85.50, Quit: Leaving)
14:56
<monkwitdafunk>
Hey users
14:57
Is ltsp-5 included in debians most popular software dvd set? (3 dvd)
15:03
I just finished burning dvd1 to dvd3 as with debian gnu linux
15:07
<bennabiy>
markit: I am testing mint17 now (which is based on 14.04)
15:09
Hyperbyte: You can also as a temporary measure enable local root shell and just issue a passwd command (does not even have to be your normal password..
15:13
<Hyperbyte>
bennabiy, it didn't sound like he's looking for a temporary measure though.
15:14
<bennabiy>
Hyperbyte: Yes. I personally am looking more into LDAP, and also the code to do a per login entry, like it does with /etc/passwd, but have not been able to look into it yet
15:14
Up till the last week, I did not do much at all with fat clients, but now have a few labs which have mostly fat clients, so it changes the way I view things a little :)
15:15
<monkwitdafunk>
Which domains provide the best documentation of ltsp for pxe boot?
15:16
<bennabiy>
!ltsp-docs
15:16
<ltsp>
Error: "ltsp-docs" is not a valid command.
15:16
<bennabiy>
hrm
15:17
monkwitdafunk: Have you tried ltsp.org?
15:17
<monkwitdafunk>
Right. I havent visited for a long time
15:17
Thanks man
15:18
<bennabiy>
A good chunk of the info is still relevant
15:27Ark74 has joined IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx)
15:36mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.21.12)
15:47markit has left IRC (markit!~marco@host208-38-static.243-95-b.business.telecomitalia.it, Quit: Konversation terminated!)
15:47mealstrom has left IRC (mealstrom!~Thunderbi@46.63.21.12, Ping timeout: 264 seconds)
15:48mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.21.12)
15:50Ark74 has left IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx, Ping timeout: 240 seconds)
15:59pp20 has joined IRC (pp20!522c8782@gateway/web/freenode/ip.82.44.135.130)
16:01
<pp20>
Hello all. Does anyone have a solution to importing a spreadsheet of existing names (school children) into LTSP to create named accounts? instead of manually creating them one by one (i.e. creating 50 accounts by hand would be a pain).
16:03
<cyberorg>
http://linux.softpedia.com/get/Linux-Distributions/openSUSE-Edu-Li-f-e-MATE-103448.shtml
16:03
:)
16:03
pp20, you can create a script
16:05
<pp20>
cyberorg: thank you. could you point me in the direction of a known resource that could help me out?
16:05mealstrom has left IRC (mealstrom!~Thunderbi@46.63.21.12, Ping timeout: 240 seconds)
16:06
<cyberorg>
pp20, https://www.google.com/search?q=shell+script+adduser+csv+file&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb
16:07
<pp20>
cyberborg: fair enough :) just thought there may have been a known ltsp blog/post on this particular request. thanks, will swat up :)
16:08
cyberborg: meant to say ' a how-to blog/post...'
16:12T4b has left IRC (T4b!~t4b@120-196.107-92.cust.bluewin.ch, Ping timeout: 240 seconds)
16:12Ark74 has joined IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx)
16:20alkisg_web_ has joined IRC (alkisg_web_!~chatzilla@clnt-8lyk-ioann.ioa.sch.gr)
16:23alkisg_web_ has left IRC (alkisg_web_!~chatzilla@clnt-8lyk-ioann.ioa.sch.gr, Client Quit)
16:29gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Remote host closed the connection)
16:30T4b has joined IRC (T4b!~t4b@120-196.107-92.cust.bluewin.ch)
16:37gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
16:37
<pp20>
Last (hopefully) question of the day... does anyone know of a hardware matrix (or website with proven working specs) which cross references the hardware spec needed (for an ltsp server) for a certain amount of users? eg 20 users = 1x Xeon with 16GB ram or 100 users = 2x Xeons with 64GB ram?
16:37
hope that makes sense!
16:38vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
16:47
<pp20>
sorry, me being lazy! have found it!
16:49
<cyberorg>
pp20, how many clients you are planning?
16:50
<||cw>
pp20: that's actually difficult to do because it depends on what combination of applications your users will be running, and how they use them
16:51
you have to come up with a test case with several users and measure on a known system, then extrapolate
16:51
<cyberorg>
pp20, fat client is a way to go
16:52
<pp20>
cyberborg: it would be for my sons school. well, a recommendation anyway. i know they have a new server but think lots of old XP desktop (which isnt good!) think they have 100 children for the whole school (junior school)
16:52
<||cw>
cyberorg: only if you have dual cores systems readily and cheaply available
16:52
<cyberorg>
||cw, yes, and 2G ram
16:52
<||cw>
pp20: do the applications they use run on linux?
16:52
<pp20>
FYI all: found this - http://wiki.ltsp.org/wiki/Installation#Server
16:52freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
16:54
<pp20>
||cw: hi, i dont think they have any legacy apps so would be easy to transition to linux/libreoffice etc etc. plus theres some great apps (for youngsters at least) if the Edubuntu was rolled out.
16:54
<||cw>
that's true, but the curriculum will have to be modified
16:55
<pp20>
curriculum? what do you mean?
16:55
<||cw>
and I wonder what workloads that guide was written in. those seem like the minimums just for booting a basic desktop
16:55
<pp20>
||cw: are you UK based?
16:55
<||cw>
curriculum is what's being taught and how
16:55
no
16:56
<pp20>
||cw, sorry, yes i know what it means, i meant to ask why would it need to be modified? I am UK based.
16:56
<||cw>
like, if their books and quizzes and tests teach MS Office, they'll need all new books and test materials
16:57
plus teacher retraining
16:58
<pp20>
||cw: oh, I see what you mean. Good point. I guess I'd need to find out. It would be good if I could suggest they use this in conjunction with what they have already, maybe in their after school club or in addition to their IT suite.
16:58
just to get them used to Linux and open source apps.
16:59
<vagrantc>
supplementing has a lower risk of failure than replacing
16:59
<pp20>
at least make them aware this stuff is out there
16:59
<||cw>
I'd suggest getting those that support the network on board first, then those that are teaching, then as a group a curriculum change should be easy enough.
16:59
you could do it one class at a time as well
17:00
<pp20>
vagrantc: true. plus im guessing with a new server (which im guessing is M$ based, they may have splashed out on CALS etc)
17:01
<vagrantc>
any change will cause some people to complain, and they'll blame the OS rather than change if it's a changed OS
17:02
<pp20>
||cw: vagrant: Think what i'll do is donate an old xw6000 workstation I have at home along with several laptops, set it all up running LTSP Edubuntu and let them use it how they want (which would most likely be in the after schools club as they dont have enough laptops to play on)
17:03
Thanks guys for the advice! got to go now but will no doubt be back for some more :)
17:03
appreciated!
17:03
Peace.
17:03pp20 has left IRC (pp20!522c8782@gateway/web/freenode/ip.82.44.135.130)
17:05Ark74 has left IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx, Ping timeout: 252 seconds)
17:05mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.63.163)
17:06cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Remote host closed the connection)
17:07monkwitdafunk has left IRC (monkwitdafunk!~AndChat49@24.114.22.163, Ping timeout: 255 seconds)
17:08cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
17:09vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
17:17Ark74 has joined IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx)
17:18vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
17:24alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
17:29ogra_ has left IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de, Ping timeout: 240 seconds)
17:45
<bennabiy>
vagrantc: LTP_REMOTEAPPS=true or LTSP_REMO..
17:45ogra_ has joined IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de)
17:49Yaann has joined IRC (Yaann!~yleger@online.vlq16.iliad.fr)
17:51
<bennabiy>
which file sets /etc/passwd for fat client in ldm?
17:58
<vagrantc>
in the client's /usr/share/ldm/rc.d somewhere, i think
17:58
<bennabiy>
Is it share/ldm-script ?
18:09vmlintu has left IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi, Ping timeout: 265 seconds)
18:19Yaann has left IRC (Yaann!~yleger@online.vlq16.iliad.fr, Ping timeout: 240 seconds)
18:19Ark_74 has joined IRC (Ark_74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx)
18:21Ark74 has left IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx, Ping timeout: 264 seconds)
18:24
<bennabiy>
vagrantc: I cannot find it in the rc.d scripts, unless they are assigned by something other than ldm/rc.d
18:29Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
18:29
<vagrantc>
bennabiy: it's either in usr/share/ldm or usr/share/ltsp
18:30
<bennabiy>
ok
18:30
<vagrantc>
bennabiy: are you looking in the sources, or in an LTSP install?
18:30
<bennabiy>
sources
18:30Ark_74 is now known as Ark74
18:31
<vagrantc>
thats why you're not seeing it
18:31
it's a feature of LTSP, not LDM
18:31
<bennabiy>
I wondered.
18:31
<vagrantc>
i.e. it's an LTSP hook in LDM
18:31
<bennabiy>
Does it reference variables set up in LDM?
18:31
<vagrantc>
look at /usr/share/ldm/rc.d/*localapps*
18:32
<bennabiy>
only thing in /usr/share/ldm/rc.d/ is X99-ltsp-logout-action
18:32
<vagrantc>
in ltsp sources, i think it's in client/share/ ...
18:32
<bennabiy>
I mean client share ldm
18:33
Is it something specific to LTSP-pnp?
18:33
<vagrantc>
ltsp/client/localapps/ldm-rc.d
18:33
no
18:34
it's part of the localapps implementation
18:34
<bennabiy>
ok. will poke around in here.
18:34
<vagrantc>
but i'd look in your actual install, rather than just in the sources, perhaps your packaging is not installing it?
18:35Yaann has joined IRC (Yaann!~yleger@online.vlq16.iliad.fr)
18:46Ark74 has left IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx, Ping timeout: 240 seconds)
18:47
<bennabiy>
looks like it is there. I am just wanting to see if I can solve the issue of a lack of password support for screenlocking and such
18:47freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Quit: So long and thanks for all the fish.)
18:47freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
18:48
<vagrantc>
bennabiy: by storing a hash of the password?
18:48
bennabiy: or by using remoteapps?
18:49freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Remote host closed the connection)
18:49freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
18:54xet7 has joined IRC (xet7!~xet7@a88-112-147-81.elisa-laajakaista.fi)
18:55
<bennabiy>
hash, but remoteapps to start with until I get something else in place
18:57
we could bring over the /etc/shadow entry like we do the /etc/passwd with getent shadow, but we also could just take the input from LDM and pass it to makepasswd --clearfrom=- --crypt-md5 or something like it and generate a salted hash
18:58Ark74 has joined IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx)
18:59
<bennabiy>
well, except it doesnt come stock with ubuntu...
19:01
<alkisg>
bennabiy: the password hash issue can be solved from ldm/ssh.c
19:01
Not in a shell script, but in .c code
19:01
<bennabiy>
You want LDM to write the shadow entry?
19:02
<alkisg>
Yup, LDM is the application that knows the password
19:02
The greeter, and ldm.c (ssh.c)
19:02
<bennabiy>
yes,
19:02
<alkisg>
The shell scripts don't know the pass
19:02
<bennabiy>
no, but they can inherit the LDM_PASSWORD variable
19:03
<alkisg>
LDM_PASSWORD doesn't exist when it's not set in lts.conf
19:03
And, it shouldn't be exported in the environment for safety....
19:03
It shouldn't be hard to do the hash in .c, there are functions for that
19:03
<bennabiy>
yes
19:04
<alkisg>
So no need for external utilities like mkpasswd
19:04
<bennabiy>
yes.
19:05
Is there something wrong about pulling the shadow with getent like we do with the passwd?
19:05
<alkisg>
No rights to do that
19:05
<bennabiy>
if the user has already authenticated
19:05
<alkisg>
passwd = user
19:05
shadow == needs root
19:05
<bennabiy>
ah, sorry, thought we were running as root
19:06
<alkisg>
No, ssh to the server runs as user on the server side
19:06
ssh user@server
19:06
<bennabiy>
yes, I get it now. Was not thinking clearly about it before
19:07
Does it matter which hash we generate?
19:07
<alkisg>
No
19:08
As long as it's generated from the user's password, any salt or encryption method will do
19:08
So just a call to crypt()
19:09
<vagrantc>
anything the shadow suite will accept as a valid hash, of course...
19:09
<bennabiy>
Is there a distro which does not accept salted md5?
19:10
which is supported by ltsp?
19:10
<alkisg>
It doesn't matter, you call the system functions so you don't care about the distro
19:10
<vagrantc>
right
19:11
<alkisg>
You may even create the user from ldm.c if it's more convenient, and shell scripts can then add the groups etc
19:11monkwitdafunk has joined IRC (monkwitdafunk!~AndChat49@24.114.23.251)
19:11Yaann has left IRC (Yaann!~yleger@online.vlq16.iliad.fr, Ping timeout: 240 seconds)
19:25PhoenixSTF has joined IRC (PhoenixSTF!~rudiservo@78.29.147.214)
19:54ageis has left IRC (ageis!kevin@ageispolis.net, Ping timeout: 240 seconds)
19:55vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Ping timeout: 265 seconds)
19:57mattcen has left IRC (mattcen!~mattcen@c110-22-201-130.sunsh4.vic.optusnet.com.au, Ping timeout: 265 seconds)
19:57MrV has left IRC (MrV!~Edgar@31.163.201.104, Ping timeout: 264 seconds)
20:01Guest76181 has joined IRC (Guest76181!kevin@ageispolis.net)
20:04mattcen has joined IRC (mattcen!~mattcen@c110-22-201-130.sunsh4.vic.optusnet.com.au)
20:10MrV has joined IRC (MrV!~Edgar@31.163.201.104)
20:16vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
20:29
<bennabiy>
alkisg, vagrantc: Should the salt take advantage of urandom, random or something else?
20:30
Seeing how it is needed pretty close to boot time, it might not have enough in the pool for /dev/random
20:30
<alkisg>
bennabiy: close to boot time?
20:31
It's login time...
20:32
<bennabiy>
yes. but potentially the boot takes place and then immediately comes login if someone starts it up wanting to get on
20:32
<alkisg>
All services have started, xorg has started, ldm has started... it's a fully booted system
20:32
<vagrantc>
if the hash is only persistent for the user session... urandom is probably fine.
20:33
<bennabiy>
vagrantc: yes, no persisting hashes.
20:33
<alkisg>
Do you need to manually specify the seed? Are you going to call crypt() or some pam function?
20:33
<bennabiy>
call crypt...
20:33
<alkisg>
Or are you going to add a user and then change its password?
20:34
<bennabiy>
The user gets added through the localapps rc.d script
20:34
<alkisg>
Call crypt, add a line to shadow, and then let the scripts add the user?
20:34
<bennabiy>
yes
20:34
<alkisg>
Does that work, in that order?
20:34
<bennabiy>
probably not...
20:34
shadow does not contain gid info, so it might work
20:35Ark74 has left IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx, Ping timeout: 240 seconds)
20:35
<bennabiy>
You would know better than I when the shadow gets wiped, and refreshed as compared to the passwd file.
20:35
<alkisg>
I don't know if useradd cleans the shadow entry of the user being created
20:35
<bennabiy>
I think they all happen at the same time in order passwd, shadow, groups, groupshadow
20:37
<alkisg>
When LDM gets the username and the password and ssh's to the server, the user account doesn't yet exist locally
20:37
So if it adds a line to shadow, it would refer to a non-existing user
20:38
<bennabiy>
So would LDM either have to do the whole user creation, or store the hash as a variable it can pass to localapps script
20:38
?
20:38
<alkisg>
Then, the login shell scripts get the info from the server and call useradd/adduser
20:38
And the question there is, if useradd would keep the line that ldm added to shadow
20:38
We'd be lucky if it works
20:39
I wouldn't mind having it done that way, if it works, because we're ditching ldm at ltsp 6 anyway...
20:39
But yeah a saner approach would be for ldm to add the user, and the scripts to modify it with info from the server
20:39
<bennabiy>
Would it be fine to pass the variable to the script of the hash, and then destroy the variable once it has been added?
20:40
or too insecure?
20:40
<alkisg>
For me yes, as long as it never appears in the command line, but vagrantc objects here, not without reason...
20:40
<bennabiy>
creating the hash is no problem.
20:41
<alkisg>
You could also create a file with that hash, and append it to shadow from a shell script
20:41
...and of course that file should be readable only by root...
20:43
<vagrantc>
and delete that file as soon as the shadow file is updated...
20:43
<bennabiy>
yes
20:43
that might be the best way.
20:44
<vagrantc>
you could pass the location of the file as a variable
20:44
<alkisg>
It could be constant, /var/cache/ltsp/shadow.$USER....
20:44
<bennabiy>
that would make things easier, as it could update the shadow file after the user has been created with a simple sed replacement
20:46
well I will have to tackle this more tomorrow. Ran out of time today.
20:46
I should have something tomo
20:47
<vagrantc>
alkisg: if it's constant, it would be easier to attack
20:47
<alkisg>
vagrantc: /etc/shadow is constant too
20:48
<vagrantc>
fair enough
20:48
<alkisg>
The file should be created with the correct umask from the start though, not `chmod'ed` afterwards...
20:48
<vagrantc>
yes.
20:49
<bennabiy>
alkisg: Agree
20:52freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Quit: So long and thanks for all the fish.)
20:53
<alkisg>
./src/plugin.c: rc_files("xsession");
20:53
If LDM set a hash variable there, it would be available to X01-localapps,
20:54
where, at its top, we could do:
20:54
local_hash=$LDM_HASHED_PASSWORD
20:54
unset LDM_HASHED_PASSWORD
20:54
...so as to remove it from the environment and only have it as a local var,
20:54
(so that spawned processes don't see it at all),
20:55
and, at the end of X01-localapps, to unset local_hash, as soon as we write it to /etc/shadow
20:55
All that when some variable in lts.conf is true, to allow someone to disable saving the hash
20:56Ark74 has joined IRC (Ark74!~Ark74@189.214.42.128.cable.dyn.cableonline.com.mx)
20:57alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
21:31gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Remote host closed the connection)
21:34rafepren has left IRC (rafepren!~rafepren@143.107.231.78, Quit: Leaving)
21:42gbaman has joined IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com)
22:03telex has left IRC (telex!~telex@freeshell.de, Remote host closed the connection)
22:04telex has joined IRC (telex!~telex@freeshell.de)
22:38andygraybeal has joined IRC (andygraybeal!~andy@h212.217.213.151.dynamic.ip.windstream.net)
22:46khildin has left IRC (khildin!~khildin@ip-213-49-85-111.dsl.scarlet.be, Quit: I'm gone, bye bye)
23:03adrianorg has left IRC (adrianorg!~adrianorg@177.132.220.196, Read error: Connection reset by peer)
23:08adrianorg has joined IRC (adrianorg!~adrianorg@177.132.222.20)
23:42gbaman has left IRC (gbaman!~gbaman@host81-130-112-2.in-addr.btopenworld.com, Remote host closed the connection)