IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 1 June 2016   (all times are UTC)

00:01Phantomas has left IRC (Phantomas!~ftsamis@ubuntu/member/phantomas, Ping timeout: 260 seconds)
00:23sutula has left IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net, Ping timeout: 252 seconds)
00:24sutula has joined IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net)
01:37bennabiy has joined IRC (bennabiy!~bennabiy@unaffiliated/bennabiy)
01:59bennabiy has left IRC (bennabiy!~bennabiy@unaffiliated/bennabiy, Remote host closed the connection)
02:42sutula has left IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net, Ping timeout: 244 seconds)
02:44sutula has joined IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net)
04:06sutula has left IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net, Ping timeout: 244 seconds)
04:08sutula has joined IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net)
05:02ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
05:03alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 272 seconds)
05:06sutula has left IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net, Ping timeout: 244 seconds)
05:07sutula has joined IRC (sutula!~sutula@207-118-144-4.dyn.centurytel.net)
05:50mikkel has joined IRC (mikkel!~mikkel@mail.dlvs.dk)
05:59Freejack has left IRC (Freejack!~Freejack@unaffiliated/freejack, Ping timeout: 244 seconds)
06:00epoptes_user3 has joined IRC (epoptes_user3!3cfbec79@gateway/web/freenode/ip.60.251.236.121)
06:02epoptes_user3 has left IRC (epoptes_user3!3cfbec79@gateway/web/freenode/ip.60.251.236.121, Client Quit)
06:14robb_nl has joined IRC (robb_nl!~robb_nl@ip-83-134-23-15.dsl.scarlet.be)
06:35kjackal has left IRC (kjackal!~quassel@2a02:587:3117:9e00:a097:af5f:4679:fe15, Ping timeout: 260 seconds)
06:50kjackal has joined IRC (kjackal!~quassel@onopfy.static.otenet.gr)
06:54ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Ping timeout: 240 seconds)
06:55ricotz has joined IRC (ricotz!~ricotz@p5B2A8F04.dip0.t-ipconnect.de)
06:55ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
07:01alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
08:04robb_nl has left IRC (robb_nl!~robb_nl@ip-83-134-23-15.dsl.scarlet.be, Ping timeout: 260 seconds)
09:49GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Ping timeout: 258 seconds)
10:27Statler_ has joined IRC (Statler_!~Georg@pD9F495C1.dip0.t-ipconnect.de)
10:28Statler_ has joined IRC (Statler_!~Georg@pD9F495C1.dip0.t-ipconnect.de)
10:45GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
10:49kjackal has left IRC (kjackal!~quassel@onopfy.static.otenet.gr, Read error: Connection reset by peer)
10:50kjackal has joined IRC (kjackal!~quassel@onopfy.static.otenet.gr)
10:50lbssousa has joined IRC (lbssousa!~lbssousa@177.143.31.65)
10:52yanu has left IRC (yanu!~yanu@178-116-58-90.access.telenet.be, Ping timeout: 250 seconds)
10:52GodFather has left IRC (GodFather!~rcc@96.92.43.9, Ping timeout: 258 seconds)
11:00GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:01GodFather has left IRC (GodFather!~rcc@96.92.43.9, Read error: Connection reset by peer)
11:02GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:03GodFather has left IRC (GodFather!~rcc@96.92.43.9, Remote host closed the connection)
11:04GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:09GodFather has left IRC (GodFather!~rcc@96.92.43.9, Ping timeout: 244 seconds)
11:14GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:17GodFather has left IRC (GodFather!~rcc@96.92.43.9, Remote host closed the connection)
11:18GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:38kjackal has left IRC (kjackal!~quassel@onopfy.static.otenet.gr, Ping timeout: 272 seconds)
11:44Freejack has joined IRC (Freejack!~Freejack@unaffiliated/freejack)
11:45GodFather has left IRC (GodFather!~rcc@96.92.43.9, Quit: Ex-Chat)
11:45GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:47GodFather has joined IRC (GodFather!~rcc@96.92.43.9)
11:52GodFather has left IRC (GodFather!~rcc@96.92.43.9, Ping timeout: 244 seconds)
11:56kjackal has joined IRC (kjackal!~quassel@2a02:587:3117:9e00:c85:73fb:4e42:f7e0)
12:20vlt has joined IRC (vlt!~nobody@lvps87-230-93-209.dedicated.hosteurope.de)
12:25
<vlt>
Hello. We are running LTSP since 2006 (currently 60 clients) still on Ubuntu 12.04 with MATE desktops. I just set up a new Ubuntu 16.04 test server, installed ltsp-server and booted one client. It’s not possible to do anything on that desktop.
12:25
Can anyone recommend a desktop environment we could try?
12:26
I’m currently downloading Debian 8 to try this.
12:27
With Ubuntu’s default desktop or its settings I can’t even move the mouse pointer on my testclient after logging in.
12:35
<ogra_>
use mate ;)
12:36
<vlt>
ogra_: What is the easiest way to do this?
12:36
Install mate-desktop instead of ubuntu-desktop?
12:36
<ogra_>
ubuntu-mate-desktop ;)
12:36
(i would guess)
12:38
<vlt>
Ok, thank you!
12:47yanu has joined IRC (yanu!~yanu@178-116-58-90.access.telenet.be)
13:32
<sbalneav>
Morning all
13:43
<highvoltage>
vlt: you get mate on 16.04 too
13:43
(oops ogra_ has already long since answered)
13:43
<ogra_>
:D
13:50izzle121 has joined IRC (izzle121!~izzle121@2601:193:c200:1d00:52e5:49ff:fec0:534b)
13:53ben_roose has joined IRC (ben_roose!~roose@roose.cs.wichita.edu)
14:17mikkel has left IRC (mikkel!~mikkel@mail.dlvs.dk, Quit: Leaving)
14:18
<vlt>
The Debian 8 install had finished meanwhile so I used this (to test) and installed mate-desktop-environment there. Looks very nice (in a vncserver session). But I couldn’t make my ltsp client boot.
14:18
It complains about something with NFS over TCP.
14:19
I guess Debian uses the (old?) root fs via NFS approach we had on Ubuntu in the 6.06 LTS days.
14:19
My Ubuntu 16.04 install (that was so slow with its standard Gnome desktop) had no problems finding the image.
14:20
Maybe there’s something on our DHCP server telling the Debian client something wrong. Hmmm …
14:32
<sbalneav>
I'm using debian 8 with nfs root.
14:35
You just need to make sure your pxelinux.cfg line is:
14:35
append ro initrd=initrd.img-3.16.0-4-586 init=/sbin/init-ltsp quiet root=/dev/nfs ip=dhcp boot=nfs
14:37
<vlt>
sbalneav: Hi
14:37
That’s the line from /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/ltsp-NFS
14:39
I think there’s a very old line in our dhcpd.conf that just was never removed that tries to force something with tcp
14:39
I’ll carefully try to comment that out and see if it changes anything.
14:40
Or breaks for the normal clients :-D
14:48
So … I removed the suspicious line from dhcpd.conf
14:49
'option option-128 code 128 = string;' and 'option option-129 code 129 = text;' for example.
14:49
I remember having tried something with this in 2006 or so.
14:49
option option-129 "MOPTS=proto=tcp,nolock,ro,wsize=2048,rsize=2048";
14:50
This line says something about TCP.
14:50
My NBD clients fortunately don’t care. \o/
14:52izzle121 has left IRC (izzle121!~izzle121@2601:193:c200:1d00:52e5:49ff:fec0:534b)
14:54
<vlt>
sbalneav: The client failing to boot Debian (complaining about NFS) dropped to (initramfs). /proc/cmdline has exactly the line you pasted.
14:55adrianorg has left IRC (adrianorg!~adrianorg@177.134.57.76, Ping timeout: 244 seconds)
14:55
<vlt>
This is _after_ I removed the MOPTS line from dhcpd
14:56
<sbalneav>
So, the server you're booting from is debian?
14:57adrianorg has joined IRC (adrianorg!~adrianorg@177.18.182.181)
14:58
<vlt>
Yes.
14:59
I’m currently trying with Debian and Ubuntu.
14:59
(Ubuntu is still installing ubuntu-mate-desktop.)
14:59
I just ran `ltsp-config isc-dhcp-server` on the Debian machine to create the example file for dhcpd.
15:00
All seems correct.
15:01
The important options being next-server, root-path and filename.
15:02
I think if it gets as far as searching for its NFS root there’s no problem with the kernel :-D
15:02
I mean, finding it.
15:02
<sbalneav>
ok, so this debian server, with its own dhcpd server, is physically isolated from the ubuntu server? Or is all of this on the same physical network?
15:03
i.e. how do you know the client's picking up the debian server for dhcp?
15:05
<vlt>
sbalneav: The dhcp server is separate.
15:05
I can see the client getting its correct IP address and "next-server" instruction.
15:06
Then when it drops to initramfs shell I can see that it runs the Debian kernel
15:06
<sbalneav>
what's the /etc/exportfs look like on the debian server?
15:06
Should have the line:
15:06
/srv/ltsp *(ro,no_root_squash,async,no_subtree_check)
15:06
<vlt>
/opt/ltsp *(ro,no_root_squash,async,no_subtree_check)
15:06
<sbalneav>
Or wherever your ltsp chroot is.
15:07
ltsp chroot at /opt/ltsp?
15:07
i.e. /opt/ltsp/i386?
15:07
<vlt>
Yes.
15:07
<sbalneav>
Seems correct then.
15:11
<vlt>
sbalneav: While the client was still spitting its "NFS problem" errors on the screen I rebooted Debian.
15:11
The client stopped with the errors.
15:11
So apparently there was at least some kind of connection.
15:11
After the Debian machine had rebooted the client just continued and then …
15:11
loaded its root fs!
15:12
Now: login screen
15:12
:D
15:24
Works! Thank you all!
15:24
<sbalneav>
k
15:24
np
15:35vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
16:28gehidore has left IRC (gehidore!~username@unaffiliated/man, Read error: Connection reset by peer)
16:30gehidore has joined IRC (gehidore!~username@unaffiliated/man)
16:54GodFather has joined IRC (GodFather!~rcc@75-145-237-204-Michigan.hfc.comcastbusiness.net)
17:24Statler_ has left IRC (Statler_!~Georg@pD9F495C1.dip0.t-ipconnect.de, Quit: Leaving)
17:41yanu has left IRC (yanu!~yanu@178-116-58-90.access.telenet.be, Ping timeout: 264 seconds)
17:41GodFather has left IRC (GodFather!~rcc@75-145-237-204-Michigan.hfc.comcastbusiness.net, Ping timeout: 244 seconds)
17:49kjackal has left IRC (kjackal!~quassel@2a02:587:3117:9e00:c85:73fb:4e42:f7e0, Ping timeout: 264 seconds)
17:49yanu has joined IRC (yanu!~yanu@178-116-58-90.access.telenet.be)
18:29
<sbalneav>
vagrantc: oh baby
18:29
things are gettin' good.
19:06Statler_ has joined IRC (Statler_!~Georg@pD9F495C1.dip0.t-ipconnect.de)
19:11* vagrantc dances to the music
19:11
<vagrantc>
sbalneav: how good?
19:12
<sbalneav>
gimme a sec, lemme do some commits.
19:12
Then I can explain as we go.
19:17
OK
19:17
So.
19:17
first, let's look at:
19:18
https://git.launchpad.net/~ltsp-upstream/+git/pamexternal-sshauth/tree/ssh_authenticate.py
19:18
Pam line for this would be:
19:18
auth required pam_external.so debug host=server ltsp
19:19
So, at around line 44, it opens the port
19:19
Starting at line 59, it does the auth
19:20
At line 91, if we've specified the 'ltsp' pam parameter (we have), it'll pull across the passwd(5) and group(5) entries over the ssh connection.
19:20
It sets PAM_AUTHTOK (for the next module in the pam stack)
19:21
Sets some environment variables (PAM_SSHAUTH_HOST, and _PORT)
19:21
And finishes authenticating.
19:21
So now, we have set on the pam stack: the password (In PAM_AUTHTOK), and all the user geometry.
19:22
Now the user geometry is found where nssexternal-multifile will find it:
19:23
https://git.launchpad.net/~ltsp-upstream/+git/nssexternal-multifile/tree/multifile
19:23
This works with nss-external
19:24
So, we've created some individual files with the users' geometry, and nss-external with that script (5 lines!) provides all the user geometry.
19:24
Now the second pam line is:
19:24
auth required pam_exec.so debug expose_authtok /usr/share/ltsp-pam/ltsp-session
19:24
That calls the LTSP session script
19:25
Which in turn calls the ssh-connect script:
19:25
https://git.launchpad.net/~ltsp-upstream/+git/ltsp-pam/tree/ltsp-pam/ssh-connect
19:26
Since we specified "expose authtok", we'll get the password (stored in PAM_AUTHTOK by the ssh_authentication script under pam-external) on stdin
19:27
on line 58 it reads it.
19:27
Now at line 29 and 30, it drops privs to the user
19:27
which it can, because we've already got all the user geometry pulled across from the ssh_authenticate script!
19:28
So we spawn the ssh tunnel
19:28
in a pty, so we can read the "Password: " prompt
19:28
then we shoot it the password (via stdin) that we get as part of pam_exec
19:29
<vagrantc>
so this still does two ssh connections?
19:29
<sbalneav>
Well it does one to authenticate, then one for the tunnel, yes.
19:30Statler_ has left IRC (Statler_!~Georg@pD9F495C1.dip0.t-ipconnect.de, Remote host closed the connection)
19:30
<vagrantc>
sbalneav: i think the happy packet dance has some new competition
19:31
<sbalneav>
So with the exception of pam-external and nss-external, which are just shims, all the *real* work of authenticating, name-services, and plumbing the tunnel, is being done in *scripts*.
19:31
And can be modified to suit, easily.
19:32
<vagrantc>
much easier to debug a one-liner, sure!
19:32
<sbalneav>
Of course, when you log out, all you have to do is just a) shut down the ssh tunnel, and 2) remove the two files created that hold the user geometry.
19:32
<vagrantc>
a little more resource-heavy using python... but i'm hoping that's not too much of a problem
19:33
sbalneav: so should i start packaging this stuff up?
19:34
and does most of it just use ./autogen.sh && ./configure && make ?
19:34
<sbalneav>
package up pam-external and nss-external. I'm gonna work on the scripting bits in ltsp-pam et al for a couple days more.
19:34
nss-external: ./autogen, ./configure --prefix=/usr; make; make install
19:35
<vagrantc>
i'll get some proof-of-concept packages going ... it'll be a while before it lands in debian
19:35
<sbalneav>
pam-external: ./autogen; ./configure --prefix=/usr --with-libsecuritydir=/lib/security/whateverthehellmultiarchmagicyouneed ; make; make install
19:35
<vagrantc>
although probably a bit faster since i've been prodding on getting the licensing sorted up front :)
19:36
<sbalneav>
right, licensing should be "as you want it" for both, and *both* have manpages.
19:37
each of nss-external and pam-external needs an /etc/ dir
19:37
named, oddly enough, /etc/pam-external and /etc/nss-external
19:38
<vagrantc>
is there anything that should go in there by default, or does it use "sane" built-in values?
19:38
<sbalneav>
It uses nothing. symlinks to the required external programs must be created.
19:38* vagrantc has been messing with pine64 boards today, but is excited to try this new stuff
19:38
<sbalneav>
And since they're symlinks.....
19:39
update-alternatives, anyone?
19:39
So, in other words, you put ssh_authenticate.py anywhere you want in the filesystem
19:39
<vagrantc>
sbalneav: you did symlinks rather than a configuration file value or something?
19:39
<sbalneav>
right.
19:39
There's no configuration file for either
19:39
<vagrantc>
or a pam option?
19:39
<sbalneav>
JUST the symlinks.
19:40
for the authentication phase, pam-external looks for /etc/pam-external/authenticate
19:40
<vagrantc>
but what if someone wants to use pam_external for multiple different purposes or configurations?
19:40
<sbalneav>
use update-alternatives.
19:40
<vagrantc>
that doesn't work for multiple concurrent uses
19:41
<sbalneav>
ok, easy.
19:41
<vagrantc>
anyways, i'll run with what you've got for now, and heckle later :)
19:41
<sbalneav>
ok
19:42
so /etc/pam-external/authenticate -> /wherever/in/the/file/system/is/ssh_authenticate.py
19:44
Anyway, needless to say... I'm *very* pleased.
19:44
<vagrantc>
"Move from obscure and non-intuitive single character commands to actual human readable commands. Where possible, make them conform
19:44
to pam function names"
19:44
that's good.
19:53GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
19:53ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
19:54GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Read error: Connection reset by peer)
19:56GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
19:58
<||cw>
vagrantc: I'd imagine that if you wanted multiple concurrent externals that it would be site specific and you'd make your own wrapper that calls the ssh and whatever externals in whatever order/logic is needed
19:59
<vagrantc>
||cw: that's reasonable, i guess.
19:59
it seems like pam at least could specify this stuff on the pam configuration line, though
19:59
not sure about nss
20:00
sbalneav: build-dependencies for libpam-external?
20:01
sbalneav: libpam-sshauth uses: debhelper (>= 9), libssh2-1-dev, libpam0g-dev | libpam-dev, dh-autoreconf, pkg-config, zlib1g-dev
20:01
sbalneav: i'm guessing at least libpam*-dev ... pkg-config? lig1g-dev ?
20:01
sbalneav: er, zlig1g-dev
20:08
sbalneav: some compiler warnings (treated as errors) for you: https://paste.debian.net/713291/
20:08
<sbalneav>
libutil is the only library used
20:08
k lemme see...
20:09
hmmm, ok
20:09
gimme one sec, those are easily fixed.
20:09lbssousa has left IRC (lbssousa!~lbssousa@177.143.31.65, Quit: Leaving)
20:09
<vagrantc>
sbalneav: what toolchain are you using?
20:10GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Read error: Connection reset by peer)
20:11cyberorg has left IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg, Ping timeout: 276 seconds)
20:11
<sbalneav>
umm, not sure what you mean. Just regular autoconf, automake?
20:11GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
20:12
<vagrantc>
sbalneav: what OS (and thus, what versions of the tools)
20:14
<sbalneav>
oh, debian 8
20:14
try latest push
20:14GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Read error: Connection reset by peer)
20:15GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
20:24
<vagrantc>
sbalneav: this look like everything is there: https://paste.debian.net/713296/
20:27
<sbalneav>
yuuuuup, that's all she wrote. Did you want the package to create the empty /etc/pam-external directory?
20:28
<vagrantc>
sbalneav: basically, in order to use it at all, it needs that directory present?
20:28
for the symlinks
20:28
<sbalneav>
right
20:29
Compiled cleanly after the last commit I assume?
20:30
<vagrantc>
sbalneav: yes ... although when i added a bunch of hardening flags i got a new error.
20:30
maybe they're not all appropriate
20:30
<sbalneav>
I've got the ssh_authenticate.py and nss-multifile as separate packages for the moment, but do you think we should just roll them into ltsp-pam?
20:31cyberorg has joined IRC (cyberorg!~cyberorg@opensuse/member/Cyberorg)
20:31
<vagrantc>
sbalneav: would it make sense as examples in libpam-external and libnss-external?
20:32
sbalneav: with all hardening flags enabled: https://paste.debian.net/713298/
20:33
<sbalneav>
mmmmmmaybe, but then they'd get installed in /usr/share/doc/pam-external/examples/... , and it's gonna look a little hokey having the symlink point there. You definitely wouldn't want to create the symlink by default.
20:34
As opposed to /etc/pam-external/authenticate -> /usr/share/ltsp-pam/ssh_authenticate.py
20:34
seems... better to me
20:34
oh, yeah, you turned on one flag too many
20:34
(.text+0x20): undefined reference to `main'
20:34
it's a library, it doesn't have a mainline
20:35
<vagrantc>
ok, wonder which to disable
20:36
<sbalneav>
hmmm, not sure.... still whining about that one write?
20:38kjackal has joined IRC (kjackal!~quassel@athedsl-4547229.home.otenet.gr)
20:53
<vagrantc>
sbalneav: yeah, still whining about the write, but non-fatal
20:54
sbalneav: hardening=+all,-pie seems to build ... position independent executables apparently didn't work
20:54
https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2Fg.2B-.2B-_-fPIE_-pie.29
20:56
sbalneav: still getting the write warning: https://paste.debian.net/713307/
21:00
<sbalneav>
vagrantc: Well, I'm not surprised pie doesn't work, since it's not an executable, but a ldlibrary
21:01
k, lemme do something to make that write happy
21:01
<alkisg>
About the pam examples, how about putting them in ltsp instead, and then copying them to etc by using `ltsp-config pam-external` ?
21:01
Err actually by init-ltsp ?
21:02
<sbalneav>
Well, I wouldn't copy them, I'd just symlink 'em
21:02
That was my thought, have 'em as part of the ltsp-pam package
21:02
<vagrantc>
alkisg, sbalneav: only reason i suggest including them in their respective packages as examples is that they are actually, well, examples of how to use it.
21:02
<alkisg>
If they're examples, they might be .gz
21:03
But sure the packaging can blacklist them so that they won't get compressed
21:03
<vagrantc>
or include them in a non-examples dir, and symlink them from the examples
21:03
like we do for some stuff in LTSP already, if i recall correctly
21:04
<alkisg>
If the symlinking will be done by init-ltsp, then they surely can be part of the pam-external package, they don't need to be in the ltsp package
21:04
<vagrantc>
e.g. /usr/share/doc/libpam-external/examples/foo -> /usr/share/libpam-external/foo
21:04
<sbalneav>
vagrantc: try the latest push
21:04
should be warning free
21:05
<vagrantc>
the big question gets down to one of whether it needs tight integration or not ... are we going to need to make changes to it to work with LTSP regularly, or are we going to need to make changes to make it work with libpam-external regularly?
21:05
<alkisg>
(12:04:13 πμ) vagrantc: e.g. /usr/share/doc/libpam-external/examples/foo -> /usr/share/libpam-external/foo ==> don't they need to go to /etc/pam.d ?
21:05
<vagrantc>
alkisg: that's a separate part
21:06
<alkisg>
Isn't that what init-ltsp will need to do in order to activate pam-external? More than that is needed?
21:07
<vagrantc>
alkisg: it's going to need to configure not just pam to use libpam-external, but configure libpam-external to use a particular script
21:07
but yes, that could be done in init-ltsp or whatever runtime equivalent
21:07
<alkisg>
Doesn't pam.d/* provide parameters to scripts?
21:07
<vagrantc>
alkisg: yes
21:08
alkisg: i proposed that it be configured there ... but...
21:08
that's not how it's currently implemented
21:08
<alkisg>
Then init-ltsp will only need to change one line in pam.d/something, no?
21:08
Ah
21:08
<sbalneav>
I suppose rather than having the dir, I could just have parameters, like:
21:09
<vagrantc>
sbalneav: how hard would it be to implement as a pam argument?
21:09* vagrantc draws sbalneav over to the chartreuse side
21:09
<sbalneav>
pam_external.so authenticate=/path/to/script opensession=/path/to/script other_parameters
21:09
<alkisg>
sbalneav: when someone installs the pam-external package, is it supposed to do something by default, if he doesn't configure anything at all?
21:10
<sbalneav>
It won't do anything by default.
21:10
<alkisg>
Why not "path/to/dir" with all the scripts with certain names inside the dir?
21:10
Not doing anything by default is great for ltsp-pnp :)
21:11
<vagrantc>
i don't think any pam modules do anything by default
21:11
<sbalneav>
Which would be better? pam_external.so configdir=/path/to/dir that has the links/programs in it? or just specifying the individual programs?
21:11
<alkisg>
In that case, init-ltsp.d/50-install-pam-external can just modify one pam.d/ file...
21:11
How many programs? Two?
21:11
<sbalneav>
6
21:11
<alkisg>
Dir :)
21:11
<sbalneav>
ok
21:12
I'll implement that tonight. Should we make it DEFAULT to /etc/pam-external if no "configdir" is supplied?
21:12
or make configdir a mandatory parameter?
21:12
<alkisg>
Defaulting somewhere sounds fine
21:12
<sbalneav>
k
21:12
easy enough.
21:12
<alkisg>
You can even omit the parameter for now
21:12
And let init-ltsp symlink the dir
21:13
/etc/pam-external -> /usr/share/ltsp/pam-external
21:13
<sbalneav>
well init-ltsp can just create the symlinks in the default directory
21:13
<vagrantc>
having it be a parameter would allow different parts of the pam stack use different scripts, if desired
21:13
<sbalneav>
sure.
21:13
ok, configdir parameter it is
21:13
<alkisg>
Nice
21:14
<sbalneav>
I'll do it tonight for both pam-external and nss-external
21:14
nss-external'll be harder.
21:14* vagrantc thanks sbalneav for all the work on this!
21:14
<sbalneav>
there's no "command line" for nss
21:14
<vagrantc>
yeah, that's what i was wondering about ...
21:15* alkisg hopes we'll start integrating all that to ltsp 6 in debconf....
21:15
<sbalneav>
That's why I'm codin' like a madman :D
21:15* vagrantc praises sbalneav's kind of madness
21:16
<alkisg>
Where do nss modules go? I don't see an /etc/nss.d dir...
21:16
<vagrantc>
alkisg: /etc/nssswitch.conf
21:16
<alkisg>
# locate mdns4_minimal
21:16
/lib/i386-linux-gnu/libnss_mdns4_minimal.so.2
21:17
<sbalneav>
I guess for the nss it'll have to be a config file
21:17
<alkisg>
I mean, when nss sees "mdns4_minimal" there, how does it know that it needs to load "/lib/i386-linux-gnu/libnss_mdns4_minimal.so.2"
21:17
<vagrantc>
sbalneav: write warning gone!
21:17
<sbalneav>
wait....
21:17
for the nss
21:18
/etc/nss-external-foo
21:18
/etc/nss-external-bar
21:18
<vagrantc>
/etc/nss-external/*.conf
21:18
<sbalneav>
ln -s /etc/nss-external-bar /etc/nss-external
21:18
want to change it mid stream?
21:18
ln -s /etc/nss-external-foo /etc/nss-external
21:19
no difference between that and updating a conf file
21:19
back in a bit, gotta pick up the wife.
21:19* vagrantc waves
21:34ben_roose has left IRC (ben_roose!~roose@roose.cs.wichita.edu, Remote host closed the connection)
21:47lmds_ has joined IRC (lmds_!~lmds@tui.pi-et-ro.net)
22:12kjackal has left IRC (kjackal!~quassel@athedsl-4547229.home.otenet.gr, Ping timeout: 250 seconds)
22:19
<vagrantc>
sbalneav: lintian thinks libnss-extrafiles includes shared libraries ... is that so, or a false positive? if so, i'll need to learn a bunch of stuff to support this...
22:19
not that learning is *bad* ... just going to take a bit more time :)
22:20Leolo_2 has left IRC (Leolo_2!~fil@24-54-31-128.mg.cgocable.ca)
22:20Leolo_2 has joined IRC (Leolo_2!~fil@24-54-31-128.mg.cgocable.ca)
22:20
<Leolo_2>
can one put wildcard MACs in lts.conf?
22:21
so that all computers from the same mfg get the same setup
22:21
example : [00:01:c0:*] so that all my fitlets would get the same config?
22:57
<vagrantc>
Leolo_2: should
22:58
i remember merging a patch that someone supported to do that
22:58
i used it for IP addressed stanzas for a while
23:50kjackal has joined IRC (kjackal!~quassel@athedsl-4547229.home.otenet.gr)
23:55kjackal has left IRC (kjackal!~quassel@athedsl-4547229.home.otenet.gr, Ping timeout: 240 seconds)