IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 3 December 2014   (all times are UTC)

01:03rjune has joined IRC (rjune!~rjune@in-69-69-164-139.sta.embarqhsd.net)
01:10freedomrun has left IRC (freedomrun!~quassel@unaffiliated/freedomrun, Remote host closed the connection)
01:20talnti has joined IRC (talnti!~talntid@173-160-189-58-Washington.hfc.comcastbusiness.net)
01:21RandomGuy9 has left IRC (RandomGuy9!7bff0b80@gateway/web/freenode/ip.123.255.11.128, Ping timeout: 246 seconds)
01:23talntid has left IRC (talntid!~talntid@173-160-189-58-Washington.hfc.comcastbusiness.net, Ping timeout: 272 seconds)
01:33rjune has left IRC (rjune!~rjune@in-69-69-164-139.sta.embarqhsd.net, Ping timeout: 264 seconds)
02:55telex has left IRC (telex!teletype@freeshell.de, Remote host closed the connection)
02:56telex has joined IRC (telex!teletype@freeshell.de)
03:51dtonated has joined IRC (dtonated!4853ece2@gateway/web/freenode/ip.72.83.236.226)
03:56
<dtonated>
need help on a centos 6.6 install. i can't login, /var/log/messages shows ldminfod process lasting one second.
03:56
i'm at a loss
04:00vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
04:04cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Ping timeout: 240 seconds)
04:14deisel has joined IRC (deisel!186b70df@gateway/web/freenode/ip.24.107.112.223)
04:16
<deisel>
I am a noob to ltsp and have a few basic questions if someone has a moment
04:17
How does one launch a client from a pre-existing pxe menu on another server? I have an pxe menu on another server and I just want to point to an ltsp server as an option but am having issues figuring out the string.
04:21deisel has left IRC (deisel!186b70df@gateway/web/freenode/ip.24.107.112.223, Quit: Page closed)
04:22work_alkisg has joined IRC (work_alkisg!~alkisg@194.63.234.224)
04:29cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
04:49vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
05:20vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
05:22slackish has left IRC (slackish!amcphall@mcphall.org, Remote host closed the connection)
06:36vmlintu has joined IRC (vmlintu!~vmlintu@a91-152-200-70.elisa-laajakaista.fi)
06:37vmlintu has left IRC (vmlintu!~vmlintu@a91-152-200-70.elisa-laajakaista.fi, Client Quit)
06:37vmlintu_ has joined IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi)
06:41
<work_alkisg>
dtonated: put SCREEN_02=shell and SCREEN_07=ldm at lts.conf, then switch to vt2, and try: ssh user@server
06:41
See if it prompts for accepting the ssh key, if so you need to run ltsp-update-sshkeys etc
06:47zamba has left IRC (zamba!marius@flage.org, Ping timeout: 258 seconds)
06:47vmlintu_ has left IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi, Ping timeout: 258 seconds)
06:48vmlintu_ has joined IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi)
06:48freedomrun has joined IRC (freedomrun!~quassel@unaffiliated/freedomrun)
07:05mealstrom has left IRC (mealstrom!~Thunderbi@46.63.63.163, Ping timeout: 255 seconds)
07:13zamba has joined IRC (zamba!marius@flage.org)
07:31gnps has joined IRC (gnps!75cd8f11@gateway/web/freenode/ip.117.205.143.17)
07:32
<gnps>
I m runnig edubuntu 12.04 but unable to see the clients on epoptes
07:35
how to configure epoptes to add clients on network?
07:37gnps has left IRC (gnps!75cd8f11@gateway/web/freenode/ip.117.205.143.17, Quit: Page closed)
08:03vmlintu_ has left IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi, Ping timeout: 252 seconds)
08:26AlexPortable has joined IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-dwxzyxufecyarhbj)
08:27mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
08:57vmlintu_ has joined IRC (vmlintu_!~vmlintu@82-181-214-103.bb.dnainternet.fi)
09:07work_alkisg is now known as alkisg
09:12mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 245 seconds)
09:21freedomrun has left IRC (freedomrun!~quassel@unaffiliated/freedomrun, Read error: Connection reset by peer)
09:26ricotz has joined IRC (ricotz!~rico@ubuntu/member/ricotz)
09:34ogra_ has left IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de, Ping timeout: 264 seconds)
09:46alkisg is now known as work_alkisg
09:49mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
09:55bobby_C has joined IRC (bobby_C!~bobby@212.108.48.26)
09:59mealstro1 has joined IRC (mealstro1!~Thunderbi@46.63.71.254)
10:02mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 264 seconds)
10:05bobby_C has left IRC (bobby_C!~bobby@212.108.48.26, Read error: No route to host)
10:05bobby_C has joined IRC (bobby_C!~bobby@212.108.48.26)
10:06bobby__C has joined IRC (bobby__C!~bobby@212.108.48.26)
10:11ogra_ has joined IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de)
10:16ogra_ has left IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de, Ping timeout: 264 seconds)
10:19Grembler has joined IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net)
10:29NeonLicht has joined IRC (NeonLicht!~NeonLicht@darwin.ugr.es)
10:37dtonated has left IRC (dtonated!4853ece2@gateway/web/freenode/ip.72.83.236.226, Ping timeout: 246 seconds)
10:40ogra_ has joined IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de)
10:45ogra_ has left IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de, Ping timeout: 258 seconds)
11:00ogra_ has joined IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de)
11:02mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
11:03mealstro1 has left IRC (mealstro1!~Thunderbi@46.63.71.254, Ping timeout: 272 seconds)
11:04ogra_ has left IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de, Ping timeout: 240 seconds)
11:07mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 252 seconds)
11:07mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
11:21freedomrun has joined IRC (freedomrun!~quassel@unaffiliated/freedomrun)
11:36telex has left IRC (telex!teletype@freeshell.de, Remote host closed the connection)
11:38telex has joined IRC (telex!teletype@freeshell.de)
11:53adrianorg has left IRC (adrianorg!~adrianorg@177.134.57.248, Ping timeout: 240 seconds)
11:55adrianorg has joined IRC (adrianorg!~adrianorg@177.134.60.251)
11:57bobby__C has left IRC (bobby__C!~bobby@212.108.48.26, Read error: Connection reset by peer)
11:58bobby__C has joined IRC (bobby__C!~bobby@212.108.48.26)
12:04vmlintu_ has left IRC (vmlintu_!~vmlintu@82-181-214-103.bb.dnainternet.fi, Ping timeout: 250 seconds)
12:11andygraybeal has left IRC (andygraybeal!~andy@h170.195.213.151.dynamic.ip.windstream.net, Quit: Ex-Chat)
12:12FGXR6 has joined IRC (FGXR6!~phantom@ppp121-44-234-87.lns20.syd7.internode.on.net)
12:15F-GTSC has left IRC (F-GTSC!~phantom@ppp118-211-216-188.lns20.syd4.internode.on.net, Ping timeout: 256 seconds)
12:19AlexPortable has left IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-dwxzyxufecyarhbj, Quit: Connection closed for inactivity)
12:20markit has left IRC (markit!~marco@46.44.227.58, Ping timeout: 244 seconds)
12:38AlexPortable has joined IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-kbubdbcgzegolwoj)
12:47markit has joined IRC (markit!~marco@host179-38-static.243-95-b.business.telecomitalia.it)
12:47markit has left IRC (markit!~marco@host179-38-static.243-95-b.business.telecomitalia.it, Client Quit)
12:54bobby__C has left IRC (bobby__C!~bobby@212.108.48.26, Remote host closed the connection)
13:07FGXR6 has left IRC (FGXR6!~phantom@ppp121-44-234-87.lns20.syd7.internode.on.net, Ping timeout: 258 seconds)
13:09mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 244 seconds)
13:20FGXR6 has joined IRC (FGXR6!~phantom@ppp121-44-180-165.lns20.syd7.internode.on.net)
13:55
<tkii>
i must be doing something wrong... following docs that vagrant pointed out and now this doc... http://ubuntuforums.org/showthread.php?t=2173749 i'm still getting only a black screen with an X mouse cursor on berryterminal .
14:16championofcyrodi has joined IRC (championofcyrodi!~cott@50-205-35-98-static.hfc.comcastbusiness.net)
14:17
<cyberorg>
tkii, hi, you had question about r-pi + openSUSE?
14:18
<tkii>
well at one point i was trying to use opensuse 13.1 but what yast installs ltsp-build-client --arch i386 gives a tons of errors.
14:18
so i switched to ubuntu 14.04LTS
14:19
<championofcyrodi>
14.04 ltsp thin client seemed to work okay w/ r-pi last time i tried it
14:19
<cyberorg>
tkii, r-pi does not need ltsp-build-client, berry terminal works out of box
14:20
http://www.berryterminal.com/
14:21
was just going through logs and saw your post, so responding :)
14:23
<tkii>
http://www.berryterminal.com/doku.php/setting_up_edubuntu_as_ltsp_server <-- I believe the edbuntu ltsp install setups an i386 client by default... no?
14:23
oh heck i appreciate it... i've beaten my head against the wall on this
14:24
which i'm good with it not needing a client built... i'm just trying to figure out what i'm missing.
14:24
I get the LTSP login screen and it does authenticate but doesn't display the ubuntu desktop or LXDE (it is installed).
14:24
<cyberorg>
tkii, for suse we follow https://en.opensuse.org/SDB:LTSP_quick_start_12.2_Edu default is i386 image, but r-pi does not use it, it uses it's own image from sdcard
14:25
<tkii>
doesn't that image need to be on the LTSP server?
14:25
<cyberorg>
tkii, no
14:25
<tkii>
I've got the berryterminal pi image on the sd card... that all works. it logs in and then i just get a black screen and the X11 default mouse cursor.
14:26
<cyberorg>
tkii, yes that is known issue on ubuntu/gnome3, that is why we have got mate available on suse
14:27
you can boot up the iso https://sourceforge.net/projects/opensuse-edu/files/download/ISOs/ in a VM, follow the quick_start instructions to set up ltsp server and boot r-pi from there to test
14:47JuJuBee has joined IRC (JuJuBee!~mike_knic@24-148-115-153.ip.mhcable.com)
14:48
<JuJuBee>
I tried a dist-upgrade in chroot but get errors... http://pastebin.com/f9MqxL9Z
15:09ricotz has left IRC (ricotz!~rico@ubuntu/member/ricotz, Quit: Ex-Chat)
15:17djeis97 has joined IRC (djeis97!477aba9e@gateway/web/freenode/ip.71.122.186.158)
15:20
<tkii>
thank you for the link! I have 4 OpenSuSE servers currently and would prefer to stick with suse...
15:26ogra_ has joined IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de)
15:36mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
15:57championofcyrod1 has joined IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
15:57championofcyrod1 has left IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
16:16vmlintu_ has joined IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi)
16:36ltspuser has joined IRC (ltspuser!90332be4@gateway/web/freenode/ip.144.51.43.228)
16:44rjune has joined IRC (rjune!~rjune@in-69-69-164-139.sta.embarqhsd.net)
16:45ltspuser has left IRC (ltspuser!90332be4@gateway/web/freenode/ip.144.51.43.228, Ping timeout: 246 seconds)
17:00JuJuBee has left IRC (JuJuBee!~mike_knic@24-148-115-153.ip.mhcable.com)
17:02mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 245 seconds)
17:03vmlintu_ has left IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi, Ping timeout: 272 seconds)
17:06Grembler has left IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net, Quit: I Leave)
17:14
<tkii>
@cyberorg that how to seems very simple... if this works i might virtually kiss you.
17:16JuJuBee has joined IRC (JuJuBee!~mike_knic@24-148-115-153.ip.mhcable.com)
17:41vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
17:46vmlintu_ has joined IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi)
17:58vmlintu_ has left IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi, Ping timeout: 245 seconds)
18:03
<tkii>
@cyberorg, berryterminal requires LDM server... i think your talking about raspberry pi thick clients. berryterminal is a thin client.
18:05mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.63.163)
18:16
<JuJuBee>
I followed http://pi.gbaman.info/?p=256 instructions to create a test ltsp-pi server and got it working.. Wonder if I can copy the chroot and image to my production ltsp server and allow pi's to boot on production network?
18:18
<vagrantc>
JuJuBee: what's the difference between your ltsp-pi server and your production ltsp server?
18:19
JuJuBee: in general, you can copy images/chroots between ltsp servers
18:20
<JuJuBee>
Not sure if the pi-ltsp config is any different. The sd card in pi has enough (as i understand it) to tell it to boot from the network (specifying the ltsp-server IP address) so... I am guessing this will work?
18:21
So if the pi is thin, then all I need to copy over is the image?
18:21
<vagrantc>
why guess when you can experiment? :)
18:22
<JuJuBee>
I have to wait for the time to copy / extract on production server when nobody is using it
18:29
<tkii>
JuJuBee.. are you using pi's as thin clients or thick clients?
18:30
i can't get a pi (using berryterminal) to connect at all. with ubuntu 14.04 just get a black screen. with opensuse li-f-e i get an error about no ldm server at the IP.
18:36* vagrantc doesn't understand why people don't just use LTSP on the pi.
18:42telex has left IRC (telex!teletype@freeshell.de, Remote host closed the connection)
18:44telex has joined IRC (telex!teletype@94.247.40.156)
18:52Faith has joined IRC (Faith!~paty@unaffiliated/faith)
19:03weasel00 has joined IRC (weasel00!~rbiggins@50-115-79-162.static-ip.telepacific.net)
19:04
<weasel00>
after installing ltsp i am little lost of what to do next, like connecting a client to an application for example. any pointers for documenation?
19:06
<vagrantc>
!docs
19:06
<ltsp`>
docs: (#1) For the latest community documentation, see the LTSP wiki at http://wiki.ltsp.org/, or (#2) For a PDF with official documentation, install the ltsp-docs package.
19:06
<weasel00>
!docs
19:06
<vagrantc>
!doc
19:06
<ltsp`>
docs: (#1) For the latest community documentation, see the LTSP wiki at http://wiki.ltsp.org/, or (#2) For a PDF with official documentation, install the ltsp-docs package.
19:06
<vagrantc>
hrm.
19:06
<ltsp`>
I do not know about 'doc', but I do know about these similar topics: 'docs'
19:06
<vagrantc>
guess the bot is slow on the draw today
19:06
weasel00: what distro? what version?
19:07
<weasel00>
vagrantc i used ltps-cluster on ubuntu 14, but reviewing the ltsp-cluster docs and ltsp project docs they all seem to stop at the point of base installation configuration
19:08
<vagrantc>
have you tried booting a client?
19:09
<weasel00>
working on getting a fixed pxe loader sorted out as we speak
19:09
<vagrantc>
it's hard to know what you've actually done, and what you've tried, so it's hard to just guess at what you need to do next
19:10
<weasel00>
ok, i understand :)
19:11
ill poke back in once i get a client up for testing. thanks vagrantc
19:19talnti has left IRC (talnti!~talntid@173-160-189-58-Washington.hfc.comcastbusiness.net)
19:36
<vagrantc>
weasel00: good luck!
19:57Faith has left IRC (Faith!~paty@unaffiliated/faith, Quit: Saindo)
19:59AlexPortable has left IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-kbubdbcgzegolwoj, Quit: Connection closed for inactivity)
20:07cliebow has joined IRC (cliebow!~cliebow@gw-rsu24-co.rsu24.org)
20:07
<cliebow>
!seen sbalneav
20:07
<ltsp`>
sbalneav was last seen in #ltsp 1 week, 1 day, 3 hours, 15 minutes, and 59 seconds ago: <sbalneav> What video chipset does it have.
20:10* vagrantc waves to cliebow
20:10* cliebow cliebow waves back to vagrantc.
20:11
<cliebow>
Missed you in October..Another year coming
20:11
<sbalneav>
hey cliebow
20:11* cliebow cliebow waves to rjune
20:13
<vagrantc>
sbalneav: heya!
20:13
cliebow: didn't quite seem to come together this october
20:14
<sbalneav>
vagrantc: Hey!
20:14
So, I'm sittin' here with a booted fat client.
20:14
By the end of this month I may have a surprise :D
20:14AlexPortable has joined IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-tkrmcgveztdqejsp)
20:14
<sbalneav>
I am working on libnss-ssh
20:14
<vagrantc>
yay!
20:15
<sbalneav>
An nss driver written completely in libssh-2
20:15
<cliebow>
as they say in Maine..So dumb you couldny pour pis out of a booted client if the instructions were on the heel
20:15
<sbalneav>
can I pick your brain for a minute?
20:15
<vagrantc>
sbalneav: as a compliment to libpam-sshauth?
20:15
<sbalneav>
vagrantc: exactly
20:15
<vagrantc>
sbalneav: nice!
20:15
<sbalneav>
So.
20:15
<cliebow>
need a damn small fork here
20:15
<sbalneav>
currently, I have libnss-ssh somewhat working.
20:16
Here's what you have to do
20:16
you set up a "dummy" shell login account on your server.
20:16
on the client, you have an /etc/nss-ssh.conf file
20:16
specifies the userid and password of the account.
20:17
libnss-ssh literally logs into the account, and runs "getent <passwd/group> queries on the command line and parses the results to make the distributed passwd/group appear on the client.
20:17
Now, I realize we're embedding a userid and password in a file.
20:17
How.... icky does that make us feel?
20:18
<vagrantc>
sbalneav: hrm. why can't we use the username/password combo passed to libpam-sshauth?
20:19
<sbalneav>
Because we dont have access to it at that point.
20:19
<vagrantc>
my undrstanding of libnss/libpam stack is limited
20:19
<sbalneav>
this will allow the machine to have nss services even if nobody's logged in.
20:19
<vagrantc>
sbalneav: why do we need that account information before login?
20:20
<sbalneav>
Because it's needed as part of the login process. that's why we have to do the "copy down" of the bits like, literally in the middle of the login process
20:20
which is kinda gross.
20:20
<vagrantc>
i guess i don't understand the process...
20:20weasel00 has left IRC (weasel00!~rbiggins@50-115-79-162.static-ip.telepacific.net, Read error: Connection reset by peer)
20:20
<sbalneav>
Why don't we wait until I have it fully debugged
20:20
it's a bit... crashy at the moment :D
20:21
then I can go over it with you.
20:21
That seem cool?
20:21
<vagrantc>
sbalneav: so, all my questions are definitely due to the basic concen of shared username/password info
20:22
<sbalneav>
yeah. Mine would be too.
20:22
<vagrantc>
sbalneav: the "dummy" shell needs to be interactive?
20:22
<sbalneav>
yes.
20:22
But it could be a chroot jail.
20:22
<vagrantc>
can it be a defined set of known interactions?
20:23
<sbalneav>
possibly.
20:23
<vagrantc>
i.e. use a restricted shell only capable of a few limited responses
20:23
<sbalneav>
so long as it can respond to "getent" type messages...
20:23
hm
20:23vmlintu_ has joined IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi)
20:23
<sbalneav>
you've given me an idea
20:23
<vagrantc>
chroot jails don't provide much protection anymore
20:23
<sbalneav>
a very good idea, actually!
20:23
thanks!
20:24
<vagrantc>
sbalneav: the other thing i'm wondering is if it could just be something like ldminfod, but maybe with socat for an encrypted connection
20:24
<sbalneav>
I think the answer to your question is... "yes" :D
20:24
well, the ssh gets it encrypted right off the bad.
20:24
bat.
20:25
<vagrantc>
sure, but having a shell account, even with a restricted shell, has some security implications
20:25
<sbalneav>
What I'm thinking about wouldn't be a shell account.
20:25alkisg has joined IRC (alkisg!3e01d601@gateway/web/freenode/ip.62.1.214.1)
20:26
<sbalneav>
I just have to check and see if libssh will interact with what I'm thinking of doing.
20:26
<vagrantc>
ok, well, glad to have given you some ideas! :)
20:26
<sbalneav>
That's why I run things past you! :D
20:26
<vagrantc>
and glad to see you've got something cooking
20:27
<sbalneav>
<Joker>You.... complete me</Joker> :D
20:27* vagrantc heads off to explore the manifestation of a breakfast idea
20:27
<sbalneav>
Late breakfast :D
20:27
Or are you not in the west coast ATM?
20:27
<cliebow>
Maybe crab for breakfast 8~)
20:27
<sbalneav>
hey alkisg
20:27
<vagrantc>
sbalneav: you compl<tab> me to!
20:27
<sbalneav>
hahahahaha
20:28
<alkisg>
Hi sbalneav, vagrantc, hi all :)
20:28* cliebow cliebow waves to alkisg
20:28
<sbalneav>
cliebow: Nah, if I had crab, I'd have to smash 'em on the trap and throw it back in :D
20:28
<alkisg>
It's nice to hear things cooking again :)
20:28
Hi cliebow!
20:28
<vagrantc>
sbalneav: you might want to bounce some ideas off alkisg too!
20:28
<sbalneav>
I will.
20:28
<vagrantc>
sbalneav: just falled into strange breakfast habits
20:28
<alkisg>
My experience with pam, nss, ldap etc is very limited...
20:29
<sbalneav>
alkisg: 14:16:54 sbalneav I am working on libnss-ssh
20:29* alkisg read the logs
20:29
<alkisg>
The problem with using the username/password provided is the timeouts?
20:31
<sbalneav>
No, just security
20:31
right now the well-known userid and password is to a shell account.
20:31
But I'm gonna fix that :D
20:32
<alkisg>
No I mean with the initial implementation, where the server was contacted at the time that a user tried to login
20:32
<sbalneav>
Oh, I see
20:32
<alkisg>
E.g. "20:19 <sbalneav> this will allow the machine to have nss services even if nobody's logged in."
20:32
<sbalneav>
no the problem is that, really for the login process, you need to have the passwd and group entries there before you log in.
20:33
<alkisg>
Can't we login twice?
20:33
<sbalneav>
We do a lot of jiggery-pokery to try to make the passwd and group files suddenly appear halfway through the login
20:33
<alkisg>
First, to use the username/password to ssh to the server, then copy the passwd entry, then login locally "properly"...\
20:34
<sbalneav>
Right, well this is kind of doing that, but instead of there being the user, we're just creating a single "well known" userid to pull down the stuff ahead of time.
20:34
<vagrantc>
alkisg: yeah, that's what i was wondering
20:35
<alkisg>
OK I'm guessing there are restrictions in the implementation of login that I can't imagine
20:35
<vagrantc>
the two logins approach is basically what's done for LDM now... and granted, we're trying for something better...
20:35
<sbalneav>
I'm still in the early process with things not fully fleshed out.
20:35* vagrantc wonders about libpam-sshpreauth
20:36
<sbalneav>
I'm hoping to have a "0.1" uploaded to sourceforge by end of december
20:36
<vagrantc>
sourceforge? :)
20:36
<sbalneav>
gah
20:36
launchpad
20:36
<alkisg>
github!
20:36
<sbalneav>
My own personal website!
20:36
scott'scrappycode.com
20:37
<vagrantc>
sbalneav: be sure to use unicode charaters in the domain
20:37
<alkisg>
Can I throw another crazy idea that might affect things?
20:37
<sbalneav>
sure
20:37* vagrantc loves alkisg's crazy ideas
20:37
<alkisg>
The newer ssh supports socket forwarding
20:37
<vagrantc>
alkisg: how new?
20:38
<alkisg>
If we had a "domain join" phase for ltsp clients, we could have forward ssh connections from the server to the clients
20:38
And use that for everything, from sshfs forward *and* reverse, to two-way communication
20:39
The "domain join" phase requires something unique for each client
20:39
<vagrantc>
this is openssh 6.7 ?
20:39
<alkisg>
That can be e.g. the md5sum of some hardware listing... and then use it for creating the ssh keys etc
20:39
Let me check, I heard that about 3 months ago\
20:40
<vagrantc>
http://www.openssh.com/txt/release-6.7
20:40
<alkisg>
Yup that's the one, says so in the release notes
20:41
<vagrantc>
there's not yet a backport for wheezy, although there is a backport of 6.6 ...
20:41
might not be hard to backport
20:41
<alkisg>
With the above scheme we have two way communications and two way file system
20:41
We won't even need ltspfs anymore
20:41
Fully encrypted etc
20:42
<vagrantc>
could also shunt pulseaudio over that connection?
20:42
<alkisg>
I think so, yes
20:43
And about nss, the client could query the server for usernames and id, and only ask for passwords in the authentication phase?
20:43
<vagrantc>
alkisg: would it be hard to implement the correlary to LDM_DIRECTX then... or would some of it just go via ssh, even though most didn't?
20:43
<alkisg>
No change there... both could be supported
20:44
<vagrantc>
and dbus and all that fun?
20:44
<alkisg>
I never understood how dbus forwarding would properly work
20:44
I don't think we even want that
20:45
<vagrantc>
ok
20:45
<alkisg>
If I have a policykit-active user on the client, I don't want him to be able to shutdown the server when he clicks shutdown on the client...
20:45
<vagrantc>
heh
20:46
<alkisg>
vagrantc: how does "domain join" sound, for ltsp clients, supposing we could pull it off?
20:46
E.g. you boot a client for the first time and you see a screen "enter administrator username and password for the server in order to join the domain and continue booting"...
20:47
<vagrantc>
alkisg: so, making a hard requirement on such a new version of ssh... would seem unfortunate, but maybe by the time it's done wouldn't be such a big deal
20:47
<alkisg>
Done for jessie+1, backported for jessie ;)
20:47
<cliebow>
sbalneav..Missed the wave..great to hear from you
20:47
<vagrantc>
alkisg: don't really understand what domain join would be about
20:47
<cliebow>
All!
20:48
<vagrantc>
alkisg: jessie has 6.7, so it'd be fine for jessie
20:48
alkisg: but people seem to hang on to old servers for a long time
20:48
<alkisg>
vagrantc: it would create unique ssh server keys for the client and transfer them to the server so that root accounts on the server would have access to all clients
20:48
<vagrantc>
we've managed to keep LTSP5 backwards compatible to pretty old servers.
20:48
at least partially
20:49
<alkisg>
Those unique ssh server keys would be generated from some unique hardware info of the client
20:50
To summarize, ssh server with unique keys running in all the clients, and passwordless ssh from the server to each one of them
20:50vmlintu_ has left IRC (vmlintu_!~vmlintu@a91-152-200-70.elisa-laajakaista.fi, Ping timeout: 250 seconds)
20:51
<alkisg>
That, along with ssh sockets forwarding, gives 2-way communication and 2-way file system, even before a user logs in
20:51
So we can copy accountsservice and other data needed before login
20:53
<vagrantc>
i wonder if we could generate deterministic ssh keys based on a seed...
20:53
it would obviously be weaker, if you knew the seed data
20:54
<alkisg>
I don't see any reason why we wouldn't be able to do that...
20:55
And even merge the seed with some server-side info, so that it's unique when the same client is booted from different servers
20:56
Anyway, implementation details aside, wouldn't that solve most of our problems?
20:56adrianorg has left IRC (adrianorg!~adrianorg@177.134.60.251, Ping timeout: 240 seconds)
20:57championofcyrodi has left IRC (championofcyrodi!~cott@50-205-35-98-static.hfc.comcastbusiness.net, Remote host closed the connection)
20:59adrianorg has joined IRC (adrianorg!~adrianorg@177.134.60.251)
20:59championofcyrodi has joined IRC (championofcyrodi!~cott@50-205-35-98-static.hfc.comcastbusiness.net)
21:00
<vagrantc>
alkisg: it has some interesting promise
21:00* vagrantc wonders how this all fits into sbalneav's upcoming surprises
21:01
<alkisg>
The client can getany info it wants from the server over a secure channel
21:01
No need to have a special user with known keys anymore
21:02
"20:16 you set up a "dummy" shell login account on your server."
21:02
(quoting sbalneav )
21:02
...that wouldn't be needed if we already had a secure connection to the server...
21:02
Where the server trusts the client, and the client trusts the server etc
21:08
<championofcyrodi>
#kerberos
21:08freedomrun has left IRC (freedomrun!~quassel@unaffiliated/freedomrun, Read error: Connection reset by peer)
21:28
<alkisg>
!learn `fat-sudo as to allow members of the sudo group to execute "sudo" in fat clients without a password prompt, put this in lts.conf: RCFILE_01="echo '%sudo ALL=NOPASSWD: ALL' >> /etc/sudoers"`
21:28
<ltsp`>
(learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
21:28
<alkisg>
!learn fat-sudo as `to allow members of the sudo group to execute "sudo" in fat clients without a password prompt, put this in lts.conf: RCFILE_01="echo '%sudo ALL=NOPASSWD: ALL' >> /etc/sudoers"`
21:28
<ltsp`>
The operation succeeded.
21:28
<alkisg>
!fat-sudo
21:28
<ltsp`>
fat-sudo: to allow members of the sudo group to execute "sudo" in fat clients without a password prompt, put this in lts.conf: RCFILE_01="echo '%sudo ALL=NOPASSWD: ALL' >> /etc/sudoers"
21:34djeis97 has left IRC (djeis97!477aba9e@gateway/web/freenode/ip.71.122.186.158, Quit: Page closed)
21:47andygraybeal has joined IRC (andygraybeal!~andy@h170.195.213.151.dynamic.ip.windstream.net)
22:16
<alkisg>
Meh, too many issues with accountsservice, ldap and lightdm, we're going to have similar issues with pam_sshauth too, when we drop ldm...
22:19alkisg has left IRC (alkisg!3e01d601@gateway/web/freenode/ip.62.1.214.1, Quit: Page closed)
22:23mealstrom has left IRC (mealstrom!~Thunderbi@46.63.63.163, Ping timeout: 264 seconds)
22:49AlexPortable has left IRC (AlexPortable!uid7568@gateway/web/irccloud.com/x-tkrmcgveztdqejsp, Quit: Connection closed for inactivity)
23:18rjune has left IRC (rjune!~rjune@in-69-69-164-139.sta.embarqhsd.net, Ping timeout: 272 seconds)
23:48vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Ping timeout: 244 seconds)
23:55telex has left IRC (telex!teletype@94.247.40.156, Remote host closed the connection)
23:56telex has joined IRC (telex!teletype@freeshell.de)