IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 31 January 2021   (all times are UTC)

02:10AppleMuncy has joined IRC (AppleMuncy!6bcbeb20@107-203-235-32.lightspeed.iplsin.sbcglobal.net)
02:12AppleMuncy has left IRC (AppleMuncy!6bcbeb20@107-203-235-32.lightspeed.iplsin.sbcglobal.net, Client Quit)
03:14GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 256 seconds)
03:14GodFather_ has left IRC (GodFather_!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 272 seconds)
05:30eu^58163155122 has joined IRC (eu^58163155122!3aa39b7a@58.163.155.122)
05:31eu^58163155122 has left IRC (eu^58163155122!3aa39b7a@58.163.155.122, Client Quit)
07:29Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:85ba:b9d4:7b25:b2d0)
07:42woernie has joined IRC (woernie!~werner@p5b2966e7.dip0.t-ipconnect.de)
08:10ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
09:10Hessef has joined IRC (Hessef!587ebce9@88.126.188.233)
09:11
<Hessef>
Bonjour
09:11
Des francais ici ?
09:22Hessef has left IRC (Hessef!587ebce9@88.126.188.233, Quit: Ping timeout (120 seconds))
09:53
<sebd>
oui :)
10:17
<alkisg>
:)
11:08sebd has left IRC (sebd!~seb@aditu.ldd.fr, Ping timeout: 264 seconds)
11:08sebd has joined IRC (sebd!~seb@aditu.ldd.fr)
11:30Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:85ba:b9d4:7b25:b2d0, Ping timeout: 272 seconds)
11:41Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
14:54Hessef has joined IRC (Hessef!587ebce9@88.126.188.233)
14:55
<Hessef>
bonjour
15:09RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)
15:23GodFather_ has joined IRC (GodFather_!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
15:23GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
15:44Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19, Ping timeout: 272 seconds)
15:49Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
16:50Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19, Ping timeout: 265 seconds)
16:55Aison has joined IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19)
17:19Hessef has left IRC (Hessef!587ebce9@88.126.188.233, Ping timeout: 248 seconds)
17:35RaphGro has left IRC (RaphGro!~raphgro@fedora/raphgro, Quit: Please remember your own message. It'll be read as soon as possible.)
18:08GodFather_ has left IRC (GodFather_!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 264 seconds)
18:08GodFather has left IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net, Ping timeout: 264 seconds)
19:10AppleMuncy has joined IRC (AppleMuncy!6bcbeb20@107-203-235-32.lightspeed.iplsin.sbcglobal.net)
19:39
<AppleMuncy>
Bonjour, je peux lire un peu en français.
19:39
<alkisg>
Hi AppleMuncy
19:40
I think sebd speaks french?
19:40
Me, only Greek and English :)
19:42
<AppleMuncy>
I was responding to sebd : )
19:43
<alkisg>
Heh, sebd was responding to Hessef
19:52
<AppleMuncy>
And since you are here, alkisg, I think I have been having trouble with my install of ltsp because I was running 'ltsp dnsmaq' before 'ltsp image /'.  Now it seems I can not find the page that it should be the reverse of that.
19:55
<alkisg>
AppleMuncy: on the very first time, ltsp dnsmasq will complain if /srv/ltsp isn't there (and ltsp nfs too)
19:55
In later invocations, there's no issue with ordering
19:57
<AppleMuncy>
Goot to know the reason  : )
19:58
I see now first example in https://ltsp.org/man/ltsp/ fits my situation well.
19:59
Good, that is : )
20:00
So I looked at LDAP and got scared off from using it for identity and authentication.
20:14
I do like keeping things simple and low maintenance.
20:14
So here is what I'm thinking:
20:14
Create users on the ltsp server with 'adduser' with generated password.
20:14
Give the user the login and password.
20:14
Tell them to log on a client workstation.
20:14
Teach them to create public,private keys in ~/.ssh   and add public key to authorized_keys.
20:14
ssh to the ltsp server, change their password there, and run a suid root script that runs 'ltsp initrd' .
20:15
Log out and restart the laptop that runs the ltsp client.
20:15
Log in with new password.
20:16
<alkisg>
ldap is scary at first, but a simple sssd + openldapmanager is fine
20:16
To allow ssh/sshfs users to change their passwords, set up a wrapper
20:17
That does what you said
20:17
i.e.create ~/.ssh/id_rsa if itdoesn't exist, copy .pub to autorized_keys, and then do passwordless ssh server passwd
20:22
<AppleMuncy>
So I'm asking for our expert advice about the add risks of letting them use a suid root script to propagate the new password?
20:24vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
20:25
<AppleMuncy>
And I do plan on working at getting ldap/sssd working.
20:28
<alkisg>
Hmm why suid?
20:28
It's just passwordless ssh as user...
20:36
<AppleMuncy>
Maybe I'm wrong about needing to run 'ltsp initrd' before they can use the new password?
20:49
<alkisg>
passwords are not stored in initrd
20:49
They're only validated via ssh
20:49
they never reach the client
21:06
<AppleMuncy>
Thanks, I'll test it.
21:23woernie has left IRC (woernie!~werner@p5b2966e7.dip0.t-ipconnect.de, Remote host closed the connection)
21:51AppleMuncy is now known as AppleMuncy2
22:02Aison has left IRC (Aison!~Asion0@2a02:168:200f:110:69c6:120a:877c:5a19, Ping timeout: 260 seconds)
22:04map7 has left IRC (map7!~map7@103.232.216.31, Quit: Leaving)
22:11AppleMuncy2 has left IRC (AppleMuncy2!6bcbeb20@107-203-235-32.lightspeed.iplsin.sbcglobal.net, Ping timeout: 248 seconds)
22:22ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
22:32GodFather has joined IRC (GodFather!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
22:32GodFather_ has joined IRC (GodFather_!~rcc@wsip-66-210-242-210.ph.ph.cox.net)
22:49Vercas has joined IRC (Vercas!~Vercas@unaffiliated/vercas)