IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 12 December 2016   (all times are UTC)

00:37zamba has left IRC (zamba!marius@flage.org, Ping timeout: 250 seconds)
00:41zamba has joined IRC (zamba!marius@flage.org)
01:08GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Ping timeout: 258 seconds)
03:05cliebow has joined IRC (cliebow!~cliebow@d-ptld-bng1-71-241-212-215.ngn.east.myfairpoint.net)
03:06cliebow has left IRC (cliebow!~cliebow@d-ptld-bng1-71-241-212-215.ngn.east.myfairpoint.net, Client Quit)
06:17
<highvoltage>
kernel 4.9 has usb over ip support, might be useful for ltsp: https://kernelnewbies.org/LinuxChanges
06:26
<alkisg>
highvoltage: hehe, we just decided that we don't want to support thin clients or localdevs anymore in ltsp 6, but if someone does want to send patches, they'd be welcome...
06:26
<highvoltage>
alkisg: yeah I was wondering about that before posting that because it wouldn't be all the useful in pure fat clients. they're around 15 years late with taht feature :)
06:27Statler has joined IRC (Statler!~Georg@p4FC87B28.dip0.t-ipconnect.de)
06:27
<alkisg>
Their reason is fun, for phone emulators... not for thin clients or anything...
06:28vagrant_ has joined IRC (vagrant_!~vagrant@raindrop.aikidev.net)
06:28
<highvoltage>
I'll probably just use it for my printer. my cups server isn't close to my usb printer.
06:28* vagrant_ waves
06:28
<alkisg>
And the usbip merging is also fun.... http://usbip.sourceforge.net/ says last updated in 2011
06:28vagrant_ is now known as vagrantish
06:28
<alkisg>
Hey vagrantish!
06:29
<highvoltage>
hello vagrantish :)
06:29
<alkisg>
highvoltage: why not plain jetpipe? there's a project just for printers over the jetpipe protocol...
06:29
<highvoltage>
alkisg: ah yes, it's been some years since I've used that, I have nearly forgotten about that
06:29
<alkisg>
http://p910nd.sourceforge.net/
06:30
Either that, or ogra_'s jetpipe...
06:30
<highvoltage>
alkisg: but then I don't get to play with new things in the kernel
06:30
<alkisg>
True true, yup please do the usbip thing
06:30
And tell us how it goes
06:32
sbalneav, vagrantish, I wonder if we could change ldm a bit so that it does screen-scraping locally instead of over ssh, so that we put pam-ssh in ltsp5 without any other changes... and whether that plan does make any sense
06:33
(while waiting for ltspd, which might take a while...)
06:33* vagrantish struggles to understand how that would even work
06:34
<alkisg>
We start with a normal ldm screen like ltsp usually shows
06:34
<vagrantish>
sure
06:34
<alkisg>
User types username, but then ldm doesn't call the ssh plugin but the local plugin
06:34
which tries to authenticate locally, but then pam-ssh takes over and does the authentication remotely,
06:34
<vagrantish>
oh, i was also wondering if we should use libpam-mount instead of implementing the sshfs stuff in a hook
06:34
<alkisg>
then pam-ssh handles the passwd stuff so X01-localapps isn't really needed anymore
06:35
<vagrantish>
a new ldm plgin?
06:35
<alkisg>
The plus side is that all the LDM* lts.conf variables, the SCREEN=ldm etc continue to work
06:35
<vagrantish>
e.g. ssh, rdesktp, local ?
06:36
<alkisg>
It shouldn't be different to the ssh plugin, a direct copy except for a few lines
06:36
It can either replace it or it can be an other one like you said
06:36
<vagrantish>
that's an interesting idea to make forward progress without jumping in all the way... :)
06:40
i guess it could use "su - -c sh" or something instead of ssh
06:41
<alkisg>
Or the login command
06:45
<vagrantish>
it does seem a little odd to keep LDM limping along ...
06:45
but, hey, incremental
06:45
if it means we can get better testing of sshauth....
06:46
<alkisg>
And maybe even from advanced users using lightdm and sending us patches...
06:47
<vagrantish>
so, what about libpam-mount for the homedir mounting rather than a custom hook?
06:47
that would make it easier to use things other than sshfs
06:47
and presumably hook into the pam stack all the same
06:47
<alkisg>
Does libpam-mount support using an ssh socket?
06:47
<vagrantish>
don't know off the top of my head
06:48
<alkisg>
It sounds like a bit unusual case for them to support it...
06:48
<vagrantish>
but the environment variables must be available, since we use them from PAM_EXEC
06:49
<alkisg>
When what we do is a single command, and we can easily do an "if.." to allow others to use pam-mount-whatever, I'm not sure there's much benefit in us using pam-mount etc
06:49
It's the same as pam-mkhomedir, we can do a mkdir ourselves, no need to use that
06:50
<vagrantish>
guess it's just something to look into
06:50
<alkisg>
And if someone does wnat to use it, we can do an "if" and not do the mkdir call
06:50
<vagrantish>
it handles unmounting and so on
06:51
<alkisg>
If it makes our life easier, sure, then it's a thing to consider. But not for "other use cases that others might need in the future but we don't know what they might be just yet"
06:51
There they needed some wrappers to make it work: https://debian-administration.org/article/587/pam_mount_and_sshfs_with_password_authentication
06:52
<vagrantish>
sure, if it requires lots of workarounds, probably doesn't make sense
06:52
just, if we can re-use something already existing and easily hook into it, better than writing our own
06:53
i guess they can just use a different pam_exec call the way it is now
06:54
<alkisg>
Another thing to consider is the new configuration file format
06:55
Me and Phantomas settled for an ini-like format again, but maybe something else would be better?
06:55
Although now it's whatever Python's configparser can parse, e.g. it can also have multiple lines for entries
06:56
<vagrantish>
heh, the article you reference even mentions ltsp :)
06:56
<alkisg>
Hehe
06:57
<vagrantish>
eesh. xml config files
06:57
regarding libpam-mount
07:00
fwiw, it looks like you can pass arbitrary options to the pam_mount command, so presumeably you could pas it the ssh socket
07:01
<alkisg>
There's also another bug report that says that pam-mount mounts the dirs twice and doesn't unmount them on logout...
07:01
<vagrantish>
ouch
07:01
<alkisg>
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666891
07:05
<vagrantish>
the theory of re-using existing components is on the basis it will work better due to more testing, but obviously that may not hold true :)
07:05
<alkisg>
If they save us more than 20-30 lines of code, sure, but for less, I don't think it's worth it
07:18ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
07:48user3948572 has joined IRC (user3948572!~user39485@mail.lbathivel.com)
08:00mikkel has joined IRC (mikkel!~mikkel@mail.dlvs.dk)
08:09ErigonW has joined IRC (ErigonW!~quassel@46.244.63.50)
09:42Statler has left IRC (Statler!~Georg@p4FC87B28.dip0.t-ipconnect.de, Remote host closed the connection)
09:56markus_e92 has left IRC (markus_e92!~markus_e9@188-23-163-244.adsl.highway.telekom.at, Ping timeout: 260 seconds)
09:58markus_e92 has joined IRC (markus_e92!~markus_e9@188-23-43-248.adsl.highway.telekom.at)
10:12Statler has joined IRC (Statler!~Georg@mail.lohn24.de)
10:14GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
11:28user3948572 has left IRC (user3948572!~user39485@mail.lbathivel.com, Quit: Quitte)
12:57mikkel has left IRC (mikkel!~mikkel@mail.dlvs.dk, Quit: Leaving)
13:00ErigonW has left IRC (ErigonW!~quassel@46.244.63.50, Remote host closed the connection)
13:33schlady has joined IRC (schlady!~schlady@141-53-221-187.ip.uni-greifswald.de)
14:00
<muppis>
!vnc
14:00
<ltsp>
I do not know about 'vnc', but I do know about these similar topics: 'x11vnc', 'kvm-vnc', 'vnc-plinet', 'vnc-alkisg', 'vnc-dide', 'vnc-edide'
14:00
<muppis>
!x11vnc
14:00
<ltsp>
x11vnc: One way to share a graphical screen with a remote person is: [local pc] port forward 5500, run: vncviewer -listen [remote pc] sudo apt-get install x11vnc; x11vnc -noshm -connect <technician-ip>
14:10schlady has left IRC (schlady!~schlady@141-53-221-187.ip.uni-greifswald.de, Remote host closed the connection)
14:17schlady has joined IRC (schlady!~schlady@141-53-221-187.ip.uni-greifswald.de)
14:18bitchecker has left IRC (bitchecker!~bitchecke@31.131.20.132, Ping timeout: 260 seconds)
14:21bitchecker has joined IRC (bitchecker!~bitchecke@31.131.20.132)
14:34dtcrshr has joined IRC (dtcrshr!~datacrush@unaffiliated/datacrusher)
14:47
<sbalneav>
Morning all
14:56schlady has left IRC (schlady!~schlady@141-53-221-187.ip.uni-greifswald.de, Remote host closed the connection)
14:59ben_roose has joined IRC (ben_roose!~roose@roose.cs.wichita.edu)
17:00adrianorg has joined IRC (adrianorg!~adrianorg@177.132.223.101)
17:53markus_e92 has left IRC (markus_e92!~markus_e9@188-23-43-248.adsl.highway.telekom.at, Ping timeout: 246 seconds)
17:55markus_e92 has joined IRC (markus_e92!~markus_e9@193-81-97-165.adsl.highway.telekom.at)
18:00GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Quit: Ex-Chat)
18:00GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
18:10
<sbalneav>
vagrantish: I've updated the python script; it now merges the existing information with the new information coming in from the login.
18:46gp has left IRC (gp!~gp@104-14-168-137.lightspeed.rcsntx.sbcglobal.net, Quit: Leaving)
19:54Statler has left IRC (Statler!~Georg@mail.lohn24.de, Quit: Leaving)
20:48gp has joined IRC (gp!~gp@104-14-168-137.lightspeed.rcsntx.sbcglobal.net)
20:48
<alkisg>
!s
20:48
<ltsp>
s: Scotty!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
20:48
<sbalneav>
Hey alkisg
20:49
I'm working on getting the keyboard-interactive auth method going.
20:49
<alkisg>
sbalneav: did you read the idea about using ldm with pam-ssh?
20:49
That sounds a bit opposite to what we want to do, but it'll allow us to use it almost immediately...
20:50
<sbalneav>
I'm not sure how we'd make that work.
20:50
ldm launches ssh and screen scrapes the prompts
20:50
<alkisg>
Something with local screen scraping... like maybe to "su -"
20:50
Or to "login username"
20:51
<sbalneav>
no clue how I'd bolt that together, and I don't see the point; why bother trying to back-fix ldm when that's not where we want to go anyway?
20:52
<alkisg>
It's a long way to ltsp 6; implementing the daemon, defining new variables (e.g. LDM_USERNAME or XRANDR_*) and hooks...
20:53
While that way we could use the pam-ssh almost immediately
20:53
I'm not sure it's a good idea; but I thought I'd mention it anyway
20:54
<sbalneav>
I'm in a groove now; I'd personally rather help with writing the daemon, etc. :D
20:55
<alkisg>
Hehe, cool
20:56
<sbalneav>
by the way, the authenticator now properly merges the new auth data with whatever's previously in extrausers
20:56
Made those commits thismorning.
20:56
<alkisg>
Nice. Does it remove the users that have logged out in the meantime?
20:57
<sbalneav>
no, unless we write some sort of setuid helper...
20:57
<alkisg>
If we do that upon login of the next user,
20:58
then we only have 1 "old" user in passwd, and only until another one logs in
20:58
That's not very bad; it even allows its name to display in lightdm in case he wants to login again
20:58
<sbalneav>
I'm not convinced it's necessary, anyway. Who cares if dead user geometry is on the box, if it gets properly replaced when a new user logs in.
21:00
<alkisg>
(10:49:02 μμ) sbalneav: I'm working on getting the keyboard-interactive auth method going. ==> what does that mean? Password expiry etc?
21:00
<sbalneav>
Yeah, that'll be needed for password expiry
21:02
If you're going to do password expiry over ssh, you need to enable "ChallengeResponse Authentication" in the ssh server
21:04
<alkisg>
We can arrange all that in some "ltsp-config ssh" step, or a big one "ltsp-config pnp" which will do all the other ones
21:05
<sbalneav>
Well, that would need to be done on the ltsp server; I'm not sure of the implications of automatically editing an /etc config file, especially one as sensitive as sshd_config.
21:05
<alkisg>
Policy says you can't do it from a package postinst
21:06
We could drop a file in ssh.d if there was such a dir, but there isn't
21:06
But tools to be ran by the admin can freely modify anything
21:06
<sbalneav>
What's your take on the number of people needing password expiry? A lot? Or relatively small number need that feature?
21:06
<alkisg>
As it's considered user-initiated
21:06
<sbalneav>
Ah, ok, then we'd be fine.
21:06
<alkisg>
I never use it myself...
21:06
(in all the schools here, I mean)
21:07
But schools are a special case, they may even recreate accounts once per year, so I'm not sure about other use cases
21:07
<sbalneav>
It sort of strikes me as the kind of thing that, it's such a small number of users who need it (like me), that I'd be happy with a completely manual config process to set it up: i.e. just instructions on how to do it.
21:07
<alkisg>
So far, there weren't many complains about ldm not supporting it
21:08
Sure that'd be fine, but I also change something else in ssh...
21:08
...
21:08
MaxStartups 20:30:60
21:08
Otherwise I can't WOL more than the default 10 PCs
21:09
<sbalneav>
ah, cool
21:10
Eurgh, merging "try_first_pass" functionality with keyboard-interactive is gross
21:10
<alkisg>
We could also test the server and define the fastest encryption method in sshd_config, for speed
21:10
(as part of ltsp-config ssh)
21:11* alkisg waves good night for now... :)
21:13
<sbalneav>
Cheers, alkisg!
21:28GodFather has left IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com, Ping timeout: 260 seconds)
21:51ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
22:10gp has left IRC (gp!~gp@104-14-168-137.lightspeed.rcsntx.sbcglobal.net, Quit: Leaving)
22:11GodFather has joined IRC (GodFather!~rcc@96-35-101-212.dhcp.bycy.mi.charter.com)
22:32ben_roose has left IRC (ben_roose!~roose@roose.cs.wichita.edu, Remote host closed the connection)
23:30dtcrshr has left IRC (dtcrshr!~datacrush@unaffiliated/datacrusher, Quit: Saindo)
23:57jgee has left IRC (jgee!~jgee@186.85.169.215, Remote host closed the connection)