IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 2 June 2014   (all times are UTC)

00:23vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
00:34Ark74 has joined IRC (Ark74!~Ark74@187.252.185.23)
00:51gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
00:56gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 276 seconds)
00:58Ark74 has left IRC (Ark74!~Ark74@187.252.185.23, Ping timeout: 276 seconds)
01:09Ark74 has joined IRC (Ark74!~Ark74@187.252.185.23)
01:31gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
01:31sutula has left IRC (sutula!~sutula@207-118-132-97.dyn.centurytel.net, Quit: ZNC - http://znc.sourceforge.net)
01:35gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 252 seconds)
01:44Ark74 has left IRC (Ark74!~Ark74@187.252.185.23, Ping timeout: 255 seconds)
01:56MrV has left IRC (MrV!~Edgar@31.163.201.104, Ping timeout: 255 seconds)
01:57Ark74 has joined IRC (Ark74!~Ark74@187.252.185.23)
02:00sutula has joined IRC (sutula!~sutula@207-118-132-97.dyn.centurytel.net)
02:31gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
02:36gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 260 seconds)
02:58MrV has joined IRC (MrV!~Edgar@31.163.201.104)
03:30Ark74 has left IRC (Ark74!~Ark74@187.252.185.23, Ping timeout: 240 seconds)
03:32gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
03:37gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 255 seconds)
03:45cstk421 has joined IRC (cstk421!~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net)
03:45
<cstk421>
does anyone use xenserver for vm's and ltsp to manage users and their access to vm's ?
03:46
if that makes sense?
03:47Ark74 has joined IRC (Ark74!~Ark74@187.252.185.23)
03:49
<vagrantc>
cstk421: i.e. one VM per user?
03:49
<cstk421>
yes for example
03:49
ultimately my goal is for them to be able to login to any thinclient and their vm would be available to them
03:49
<vagrantc>
there's no specific VM integration in LTSP...
03:50
it just provides access to a desktop, either on a thin client (running on the server hardware), or a fat client (running on the client hardware)
03:51
<cstk421>
understood i know it has nothing to do with the vm's. The reason for my inquiry is Xenapp is to deliver applications. I am not interested in that. So I am curious what the norm or best TS to use to manage users.
03:52
<vagrantc>
again, the user management isn't LTSP specific...
03:52
<cstk421>
oh yeah i forgot ltsp doesnt have a user portal
03:53
sorry that was a different ts
03:53
<vagrantc>
it just uses whatever user management the server platform uses
03:53
no sense reinventing the wheel
03:54
<cstk421>
can you give me an example of the "server platform" ?
03:55
just so i understand what you mean
03:55
<vagrantc>
i.e. ubuntu, debian, fedora, redhat enterprise linux ...
03:55
whatever you choose to use for a server
03:57
<cstk421>
so the relationship setup for that would be xenserver (metal hypervisor) to host the vm's, Ubuntu (user management), and LTSP for terminal services using Ubuntu for authentication ?
03:57
<vagrantc>
it just uses ssh for authentication
03:57
but sure, that sounds like a feasible setup
03:58
i havent used anything specifically called xenserver ... though i've used XEN, KVM, libvirt, etc...
04:00
<cstk421>
so in configuring LTSP it authenticates a user on the "server" (ubuntu) and directs them to their vm ? can it do that ?
04:00
or is that too simple
04:02
<vagrantc>
there's no VM
04:02
typically
04:03
if you can create a desktop session that logs them into a VM, it'd work...
04:04
but normally, it just runs the desktop session on the server (thin client), or client hardware (fat client)
04:05
<cstk421>
when i tried ltsp i used the pxe boot for the thinclient and ltsp directed that client to the vm running 7. that works well. the only addition i am trying to figure out is some sort of user portal so they can login from any thinclient and be connected to their vm. just need to figure out that part of it
04:06
im sorry if i keep asking the same question. trying to find the right path
04:06
<vagrantc>
what do you mean "vm running 7" ?
04:07
<cstk421>
windows 7
04:08
<vagrantc>
ah, you're using the RDP sessions or something?
04:08
<cstk421>
yes
04:08
you prob dont remember but you were key in getting it working for me :)
04:08
<vagrantc>
i have very little experience with rdp
04:09
<cstk421>
what do you use ltsp for ?
04:09
<vagrantc>
linux desktop
04:09
and all sorts of things ... mostly i just develop it these days
04:10
<cstk421>
ah
04:13
<vagrantc>
the L in LTSP does stand for Linux :P
04:15
<cstk421>
you know i was just thinking. Im not sure of course but would Ubuntu server have the ability to have a user portal via pxe boot and they log in and it would rdp them into their respective vm ? or does ubuntu not have TS builtin ?
04:16
nm just looked it up they all reference Ubuntu + LTSP LOL
04:16
<vagrantc>
i don't really understand what you mean by user portal in conjunction with pxe boot ...
04:16
but yes, in theory you could do something like that.
04:17
<cstk421>
ok for example when ltsp wasnt working for me b/c of a config issue i was getting the client login (if i remember that was it)
04:18
have you ever seen an environment of thinclients that have a login on boot and then it connects to their "virtual desktop" ?
04:18
thats what I am looking to do
04:18
<vagrantc>
not really, but it's theoretically possible...
04:22
<Ark74>
virtualizing several "desktops", mmm those hdd will be burning xD
04:23
<vagrantc>
heh
04:23
<cstk421>
vagrantc: check this video out https://www.youtube.com/watch?v=tPQev-yU6cA at about 50 seconds you will see the user login screen then it goes to the desktop. in this case they are booting to a linux desktop but you get the idea.
04:25
<vagrantc>
that sounds like the default behavior of LTSP...
04:25
though i don't really bother watching videos.
04:27
<cstk421>
understood just thought you would like to see it. np
04:33gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
04:37gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 252 seconds)
05:03work_alkisg has left IRC (work_alkisg!~alkisg@plinet.ioa.sch.gr, Ping timeout: 252 seconds)
05:07cstk421 has left IRC (cstk421!~cstk421@99-20-229-203.lightspeed.brhmmi.sbcglobal.net, )
05:10vmlintu has joined IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi)
05:34gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
05:39gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 260 seconds)
06:21alexxtasi has joined IRC (alexxtasi!~alex@unaffiliated/alexxtasi)
06:35gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
06:39gbaman has left IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com, Ping timeout: 255 seconds)
06:44freedomrun has joined IRC (freedomrun!~freedomru@unaffiliated/freedomrun)
07:07work_alkisg has joined IRC (work_alkisg!~alkisg@plinet.ioa.sch.gr)
07:12gbaman has joined IRC (gbaman!~gbaman@host81-130-11-92.in-addr.btopenworld.com)
07:23mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.63.163)
07:35mealstrom has left IRC (mealstrom!~Thunderbi@46.63.63.163, Ping timeout: 276 seconds)
07:51mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
08:00Grembler has joined IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net)
08:02bennabiy has left IRC (bennabiy!~Thunderbi@96-37-209-0.dhcp.leds.al.charter.com, Ping timeout: 252 seconds)
08:03bennabiy has joined IRC (bennabiy!~Thunderbi@96-37-209-0.dhcp.leds.al.charter.com)
08:11vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
08:29Grembler has left IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net, Quit: I Leave)
08:40PhoenixSTF has joined IRC (PhoenixSTF!~rudiservo@78.29.147.214)
08:40vmlintu has left IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi, Ping timeout: 240 seconds)
09:25workingcats has left IRC (workingcats!~workingca@212.122.48.77, Quit: Leaving)
09:28Gremble has joined IRC (Gremble!~Ben@host-92-27-135-217.static.as13285.net)
09:29Gremble is now known as Guest89599
09:36freedomrun has left IRC (freedomrun!~freedomru@unaffiliated/freedomrun, Quit: So long and thanks for all the fish.)
09:43workingcats has joined IRC (workingcats!~workingca@212.122.48.77)
10:50vmlintu has joined IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi)
11:02rafepren has joined IRC (rafepren!~rafepren@143.107.231.78)
11:02rafepren has joined IRC (rafepren!~rafepren@unaffiliated/rafepren)
11:17Faith has joined IRC (Faith!~paty@unaffiliated/faith)
11:50alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
11:52alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
11:57Guest89599 has left IRC (Guest89599!~Ben@host-92-27-135-217.static.as13285.net, Quit: I Leave)
12:53uXuss has joined IRC (uXuss!~uXus@217.77.222.72)
12:54uXus has joined IRC (uXus!~uXus@217.77.222.72)
14:01
<muppis>
Is there a way to disable aufs per client when using nfs?
14:08
If not, that would be a neat option for easier setup and maintenance, even rest of clients uses nbd.
14:13alexxtasi has left IRC (alexxtasi!~alex@unaffiliated/alexxtasi)
14:57
<Hyperbyte>
mhm
14:57
I need to blacklist a certain Xorg usb input device (Plantronics headset, evdev) on my thin clients. Any idea how I can go about doing this?
15:01
<||cw>
add to the blacklist in the chroot?
15:02vmlintu has left IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi, Ping timeout: 255 seconds)
15:07work_alkisg has left IRC (work_alkisg!~alkisg@plinet.ioa.sch.gr, Ping timeout: 255 seconds)
15:10work_alkisg has joined IRC (work_alkisg!~alkisg@plinet.ioa.sch.gr)
16:13PhoenixSTF has left IRC (PhoenixSTF!~rudiservo@78.29.147.214, Ping timeout: 260 seconds)
16:53vmlintu has joined IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi)
17:07Phantomas has joined IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
17:16mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 252 seconds)
17:30alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
17:35Ark74 has left IRC (Ark74!~Ark74@187.252.185.23, Remote host closed the connection)
17:38vmlintu has left IRC (vmlintu!~vmlintu@nblzone-240-143.nblnetworks.fi, Ping timeout: 240 seconds)
17:49mealstrom has joined IRC (mealstrom!~Thunderbi@shmel.km.ua)
18:02vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
18:52mealstrom has left IRC (mealstrom!~Thunderbi@shmel.km.ua, Ping timeout: 276 seconds)
19:01telex has left IRC (telex!~telex@freeshell.de, Remote host closed the connection)
19:02telex has joined IRC (telex!~telex@freeshell.de)
19:12PhoenixSTF has joined IRC (PhoenixSTF!~rudiservo@78.29.147.214)
19:34Phantomas has left IRC (Phantomas!~Phantomas@ubuntu/member/phantomas)
20:02mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.63.163)
20:07
<bennabiy>
alkisg, vagrantc: http://pastebin.com/NvuCyKwE for a look over the hash generation code...
20:12
<alkisg>
bennabiy: I haven't written any .c code for linux at all, but I think that passwords are set with PAM, and that you could probably use library functions for salt, instead of /dev/urandom...
20:13
But not using PAM should be fine too, ok
20:14
<bennabiy>
I had asked what we wanted to use for generating the salt, and I thought you and vagrantc said dev/urandom should be fine
20:14
since we are generating the hash on the fly...
20:15
<alkisg>
/dev/urandom is fine for shell, but I don't think .c code doesn't have a respective function...
20:15
<bennabiy>
basically, at this point, you would have a valid hash, based on the accepted password from ssh, which is able to be put into a /etc/shadow entry
20:17
as far as I saw, glib did not have a suitable randomness within its functions to meet the security needs, as the potential for stealing the file while it is there and bruteforcing it would still be a valid concern (which is why I did not want to go with something a little less random)
20:18* vagrantc would like to use the same code to generate hashes that is used to validate the hashes, if possible
20:18
<bennabiy>
I am using crypt to generate the hash
20:18
<vagrantc>
otherwise, we might end up in a situation where it works in one environment but not another...
20:18
<alkisg>
That would be pam
20:19
Btw, I read in https://developer.gnome.org/glib/stable/glib-Random-Numbers.html#g-rand-new that it does use urandom
20:20
Stealing the /etc/shadow file of an ltsp client would require root, which would allow the hacker to install a keylogger
20:20
<vagrantc>
shadow doesn't use hashes that aren't brute-forceable, does it?
20:20
<bennabiy>
alkisg: This PRNG is suitable for non-cryptographic use such as in games (shuffling a card deck, generating levels), generating data for a test suite, etc. If you need random data for cryptographic purposes, it is recommended to use platform-specific APIs such as /dev/random on UNIX, or CryptGenRandom() on Windows.
20:20imox has joined IRC (imox!~imox@p57A96DBC.dip0.t-ipconnect.de)
20:21
<alkisg>
bennabiy: that's what libraries are for though, to select the best platform specific apis
20:21
"Creates a new random number generator initialized with a seed taken either from /dev/urandom (if existing) or from the current time (as a fallback). On Windows, the seed is taken from rand_s()."
20:22
<bennabiy>
I am saying shadow can be brute forced...
20:23
alkisg: I guess it is whatever amount of (in)security you want to have in there. I was just trying to be safe.
20:24
alkisg: root is a given if shell is enabled.
20:24
<alkisg>
bennabiy: if a hacker has root, there's not much to say about safety of /dev/urandom
20:25
<vagrantc>
or /dev/random
20:25
<alkisg>
You can put whatever you want there... or install keyloggers... the user that uses that account is doomed
20:25
*that client
20:26
But, if it's possible to use PAM, then I'm betting it would put the salt() by itself
20:26vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
20:27
<alkisg>
The pam_chauthtok() function allows the server to change the user's password, either at the user's request or because the password has expired.
20:27
<bennabiy>
hmm, I thought this was going to be a quick and dirty fix to tide over until ltsp6 ?
20:27
<alkisg>
No problem by me
20:27
I don't mind about quick and dirty fixes in ldm, as long as no one else objects...
20:28
<bennabiy>
I thought that was the whole premise of doing it this way, and I thought we had a whole conversation about it. If I need to implement PAM for it to work, why not just roll out LTSP6 and get it over with?
20:29
<alkisg>
use pam != implement pam
20:29
http://www.freebsd.org/doc/en/articles/pam/pam-sample-appl.html
20:29
That's a program that uses pam
20:30
(it does other things too, setting only the password is smaller)
20:31
<bennabiy>
bah, I guess I misunderstood your hopes and such the whole time. I took it that we did not want to bring much else into the program
20:31
<alkisg>
It's just using the standard functions for setting /etc/shadow
20:31
But as I said, I don't mind how you implement it
20:32
As long as other developers are OK with you committing it, from me you're clear to go, np...
20:34
<bennabiy>
That is just part of the code, which I did not want to go further without making sure it was sound. If you want me to do it a different way, it would probably take a bit longer. Perhaps if you can spell out what you are hoping for, it would make the direction I put my efforts towards a little more fruitful
20:38
<alkisg>
I really don't mind how you implement it as long as it works, but again, I don't want to get involved in the LDM code, I've been very careful avoiding it in the past :)
20:38
<bennabiy>
I guess for that matter we could just do an exec passwd ssh_info->username; and an expect to issue the password twice in response
20:39
<alkisg>
I think sbalneav and stgraber are the ones that put the most effort in LDM
20:39
<bennabiy>
c and I have a love hate relationship
20:40
I started working with it 18 years ago, and was never motivated enough to actually do anything with it for a long time.
20:41
<alkisg>
It's late here, /me waves, keep up the good work...
20:41alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
21:30[GuS] has left IRC ([GuS]!~gustavo@unaffiliated/gus/x-663402, Ping timeout: 255 seconds)
21:54[GuS] has joined IRC ([GuS]!~gustavo@unaffiliated/gus/x-663402)
21:59Ark74 has joined IRC (Ark74!~Ark74@187.252.185.23)
22:13PhoenixSTF has left IRC (PhoenixSTF!~rudiservo@78.29.147.214, Remote host closed the connection)
22:26adrianorg has left IRC (adrianorg!~adrianorg@187.115.109.155, Ping timeout: 255 seconds)
22:28adrianorg has joined IRC (adrianorg!~adrianorg@177.204.156.191.dynamic.adsl.gvt.net.br)
23:22Faith has left IRC (Faith!~paty@unaffiliated/faith, Quit: Bye!)
23:25imox has left IRC (imox!~imox@p57A96DBC.dip0.t-ipconnect.de, Quit: imox)