[12:49] <sbalneav> WOOT
[12:49] <sbalneav> Autologin working in ldm2
[12:58] <moquist> coolies
[12:59] <moquist> sbalneav: I don't remember if I've already asked you...will there be a feature in ldm2 to specify an alternate greeter executable in lts.conf?
[12:59] <moquist> 'cuz I want one. :)
[12:59] <sbalneav> Well, it'll be there, but your greeter's gonna have to behave a certain way.
[01:00] <moquist> Burgundavia: whiprush did a fantastic job @ FOSSED. thx for the recommendation.
[01:00] <moquist> sbalneav: as in, it'll have to pass back the same data on stdout that the stock greeter does? (4 params on 4 lines in feisty)
[01:00] <sbalneav> Nope, nowhere near that now.
[01:01] <moquist> whatcha mean?
[01:01] <sbalneav> You're greeters going to have to be interactive
[01:01] <moquist> interactive with ldm?
[01:01] <sbalneav> Yep.
[01:01] <moquist> stdin/stdout interactive?
[01:01] <sbalneav> yep
[01:01] <moquist> doesn't sound too painful
[01:01] <sbalneav> I'm finding it plenty painful :)
[01:02] <moquist> OH. 8-\
[01:02] <sbalneav> Why, what do you want with a custom greeter?
[01:02] <sbalneav> Your own look and feel?
[01:03] <sbalneav> Or something else?
[01:03] <moquist> Xdialog is very, very fast.
[01:04] <moquist> Also, we run a training center where we want to be passwordless.
[01:04] <moquist> maybe the latter reason won't be a reason once we're basking in the coolness of ldm2
[01:04] <sbalneav> Well, the LDM_USERNAME and LDM_PASSWORD env variables should do for the latter.
[01:04] <sbalneav> And the new greeter in C only takes about a second to pop up.
[01:05] <moquist> but we want people to be different users; how is it OK for the same user to be logged into every TC?
[01:05] <sbalneav> [192.168.0.20] 
[01:05] <sbalneav>  LDM_USERNAME=station1
[01:05] <sbalneav>  LDM_PASSWORD=donttellanyon
[01:05] <moquist> K. I remain hopeful that I won't have to mess around any to get the greeter to be fast fast fast. But it will still be a cool feature to be able to easily specify an alternate greeter executable. :)
[01:05] <sbalneav> [192.168.0.21] 
[01:06] <moquist> OK.
[01:06] <sbalneav>  LDM_USERNAME=station2
[01:06] <sbalneav> etc.
[01:06] <moquist> looks good.
[01:06] <moquist> well, one tic in that scenario is that a user can't easily be the same user again, except by luck of the DHCP-draw
[01:07] <sbalneav> Yeah, ldm2 and the greeter are way, WAY faster.  You'll be able to specify an alternate greeter, but it's going to have to be a more complicated program than before.
[01:07] <sbalneav> [00:DE:AD:BE:EF:FF] 
[01:07] <sbalneav> Do it by mac addr.
[01:08] <moquist> that's why I decided against that scenario in my current hack-in feisty greeter. I just let the user specify a username, and I set all the passwords to 'secret', and had the greeter print <username>, 'secret', 'default', 'default' (or whatever)
[01:08] <moquist> sbalneav: yeah, I decided against mac addr specifically, as well. but it's dang cool that ldm2 will support either. :)
[01:08] <moquist> sbalneav: how about a feature to support allowing the user to specify the username, but always using a given default password? :)
[01:08] <moquist> [*] 
[01:09] <moquist>  LDM_PASSWORD=secret
[01:09] <sbalneav> Gadi had an idea about setting the username and password to be able to be scripted, by spevifying a | in front
[01:09] <moquist> nice
[01:09] <sbalneav> So, you could say LDM_USERNAME=|/path/to/my/function/returning/a/username
[01:10] <moquist> oh, and that could be (for example) an Xdialog that just asks for a username
[01:10] <moquist> cool
[01:10] <moquist> forget ldm2, man. this sounds like ldm20.
[01:10] <sbalneav> Not sure if I'll have time to implement that this time around, as it complicates things quite a bit, but I'd like to get it in there eventually, as it's a great idea.
[01:10] <moquist> I think edubuntu has won at work. I'm so excited I kind of bounce when I think about it. :)
[01:11] <moquist> sbalneav: I've packaged the smbldap-configure script for Ubuntu.
[01:11] <sbalneav> ah, nice.
[01:11] <moquist> sbalneav: I just need to get some feedback from a mentor now.
[01:12] <moquist> sbalneav: I talked with gadi about local apps @ FOSSED this week.
[01:12] <Burgundavia> moquist: whiprush said he had tonnes of fun and really enjoyed it
[01:12] <sbalneav> I'd love to see moodle by default in edubuntu
[01:12] <moquist> sbalneav: he's convinced me that ssh is the right way to solve our problems.
[01:13] <moquist> i.e., the right way to implement it all.
[01:13] <sbalneav> Which, running an ssh server on the client?
[01:13] <moquist> sbalneav: that's the idea.
[01:13] <moquist> Burgundavia: great! He will *definitely* be invited back next year. (You're welcome, too, you know. :)
[01:13] <sbalneav> Well, it's certainly not a bad way to do it.  We need to get the ldap stuff going though.
[01:14] <moquist> sbalneav: Why? (for the TC, if ssh can get the info we need)
[01:14] <Burgundavia> moquist: I would love to come next year. I will just need some money to do so :)
[01:14] <moquist> Burgundavia: that may be a possibility. I'll keep you in mind and we'll keep in touch.
[01:14] <sbalneav> ssh user@term firefox
[01:14] <sbalneav> so, terminal is going to need to know:
[01:14] <sbalneav> who user is
[01:14] <sbalneav> users password
[01:15] <Burgundavia> moquist: sounds good. Next year I shoudl be able to talk about GIS and geographic stuff
[01:15] <moquist> ...a bunch of info it can get via ssh from the server
[01:15] <sbalneav> How?
[01:15] <moquist> Burgundavia: k
[01:15] <sbalneav> ssh talks to pam
[01:15] <moquist> sbalneav: rewrite /etc/passwd and /etc/shadow after initial authentication
[01:15] <sbalneav> ugh ugh ugh ugh no way
[01:15] <moquist> hehe :)
[01:16] <sbalneav> ldap or nothing.
[01:17] <sbalneav> You'll never EVER get something by the security team that dynamically re-writes /etc/shadow.
[01:17] <moquist> even if the admin has to turn it on?
[01:17] <moquist> it's certainly not on by default.
[01:17] <sbalneav> And Debian, and any other serious distro will just p*ss themselves laughing.
[01:18] <sbalneav> We need proper authentication.
[01:19] <moquist> yeah, in the sober light of day it doesn't seem like a good idea. I'm only giving this conversation half my brain right now, so I'm going to stop trying to make sense of it.
[01:19] <sbalneav> It's not hard.  But, for some reason, we're constantly blocked by the server team.
[01:20] <moquist> which part isn't hard?
[01:20] <moquist> configuring and managing LDAP is still painful and not integrated.
[01:20] <sbalneav> Setting up ldap auth + nsswitch
[01:20] <moquist> configuring and managing LDAP on the server is still painful and not integrated.
[01:20] <Burgundavia> moquist: did you see the emal that just came down?
[01:20] <Burgundavia> they are going to work on it for gutsy
[01:20] <Burgundavia> and of course, ebox just landed
[01:20] <moquist> Burgundavia: er, no
[01:21] <sbalneav> Either that, or we need something else.
[01:21] <Burgundavia> ebox-platform.org
[01:21] <sbalneav> a pam module that uses ssh or ssl to use the server's /etc/password and /etc/shadow
[01:21] <sbalneav> hmm
[01:21] <sbalneav> hmmmm
[01:22] <sbalneav> hmmmmmm
[01:22] <sbalneav> interesting.
[01:22] <moquist> Burgundavia: interesting.
[01:23] <moquist> Burgundavia: it looks webmin-ish.
[01:23] <moquist> we're going with webmin at work, instead of SUSE+YaST
[01:26] <moquist> Burgundavia: and who is the "they" who's going to work on "what"? (server team, working on easy and integrated ldap?)
[01:28] <moquist> sbalneav: or it could query the server dynamically with 'getent'; that way the server's nsswitch will be in effect, and you aren't making assumptions about the server's nsswitch conf
[01:29] <sbalneav> Correct.
[01:30] <moquist> sbalneav: right; the module should be able to ssh to the server as the currently-logged-in-user and run 'getent'. it's perfect.
[01:30] <moquist> man, it's really appealing to try to write that module. maybe I"ll take a crack it, though I totally should work on other stuff.
[01:30] <sbalneav> You won't be able to get a shadow entry though.
[01:31] <sbalneav> Hm
[01:31] <moquist> the shadow of doubt has crept into our discussion, I see
[01:31] <moquist> or, the doubt of shadow, anyway
[01:31] <sbalneav> No, not at all.
[01:32] <sbalneav> lol
[01:32] <sbalneav> here's how a pam module could work.
[01:32] <sbalneav> You'd need to set up a userid on the server, that would be a member of the shadow group
[01:33] <sbalneav> And set up sshkeys so that that user could make passwordless logins from the client.
[01:33] <sbalneav> then, the pam module, when handling the pam conversation
[01:34] <sbalneav> does a "ssh -l shadowuser server getent passwd" and ssh -l shadowuser server getent shadow
[01:34] <sbalneav> gets the info, and does a standard pam convo based on that.
[01:35] <sbalneav> hmm, how to handle password expires, I wonder.
[01:35] <sbalneav> You'd need root for that.
[01:53] <moquist> sbalneav: password expiration could be supported in v2...
[01:54] <sbalneav> hm
[01:54] <sbalneav> actually we don't need to handle expiry
[01:54] <sbalneav> because that would have been handles on the login
[01:54] <moquist> only if the whole auth stack is local
[01:55] <moquist> right
[01:55] <sbalneav> Well, that would work.
[01:55] <moquist> that's diskless fat client, but is there really a reason to go that far?
[01:55] <sbalneav> So, we need a pam + nsswitch module.
[01:55] <sbalneav> That's pretty easy.
[01:56] <moquist> sbalneav: especially if you've done it before. ;)
[01:59] <sbalneav> You done a pam module before?
[02:01] <sbalneav> This, actually, solves a HUGE number of problems.
[03:10] <Burgundavia> moquist: they are indeed the server team, canonicals
[03:11] <Burgundavia> basically webmin, but done right
[03:23] <moquist> Burgundavia: sounds great
[04:44] <svenstaro> Hello everybody
[04:45] <svenstaro> I'm trying to run edubuntu in an vmware to test its thinclient capabilities
[04:45] <svenstaro> Now, I don't know how to do the network configuration and the edubuntu page is kinda outdated
[04:46] <svenstaro> I'm using vmnet1 for the internal net between edubuntu and thinclient
[05:03] <svenstaro> nevermind just figured it out
[05:04] <svenstaro> but man, the 33 of you arent too word-happy :/
[05:12] <sbalneav> back
[05:12] <sbalneav> I was away :)
[05:14] <svenstaro> Well you can help me nontheless if you want
[05:14] <svenstaro> I get dumped to busy box after about 3 minutes of waiting after receiving the PXE bootroom
[05:16] <sbalneav> Which version of edubuntu?
[05:16] <svenstaro> 7.04
[05:17] <sbalneav> Sounds like the NFS root dir isn't getting mounted.
[05:18] <svenstaro> is it a serverside problem?
[05:18] <svenstaro> or something caused by vmware?
[05:18] <sbalneav> I'd guess vmware
[05:19] <sbalneav> I don't know anything about vmware, personally
[05:20] <svenstaro> how would I go about checking if the server is all ok setup?
[05:22] <sbalneav> well, showmount -a should show you what the server thinks it's exporting.
[05:23] <svenstaro> nothing listed
[05:23] <svenstaro> does this one have to do with sudo ltsp-build-client?
[05:24] <sbalneav> Did you install edubuntu server, or edubuntu workstation?
[05:24] <svenstaro> server
[05:25] <sbalneav> The server install sets up the ltsp chroot as part of the install.
[05:25] <sbalneav> do you have an /opt/ltsp/i386 directory?
[05:25] <svenstaro> just deleted it in order to perform the sudo ltsp-build-client command
[05:25] <svenstaro> now it says it cant reach the archive though networking is setup correctly
[05:26] <svenstaro> oh wait  a sec please
[05:26] <sbalneav> Why'd you delete it, as opposed to just renaming it?
[05:28] <svenstaro> That's what I'm asking myself right now, anyway, it's retrieving itself again
[05:29] <sbalneav> It'll take a while
[05:38] <svenstaro> done
[05:38] <svenstaro> still no mounts
[05:43] <svenstaro> but its working :D
[05:43] <svenstaro> thanks mate
[06:24] <svenstaro> Still there, sbalneav ?
[06:46] <svenstaro> How do I go about configuring users for edubuntu? Do I configure one for every student?
[07:01] <sbalneav> svenstaro: Yeah, you'll want to create a userid for every student.
[07:01] <svenstaro> Is it somehow possible to always load a default image for every student which resets after every logout?
[07:02] <sbalneav> I wrote something for that, a patch to pam_mkhomedir.
[07:03] <sbalneav> You could put the default home dir into /etc/skel, and the users home dir would get created from there every login, and removed on logout.
[07:03] <sbalneav> So, yes, it's possible.
[07:04] <svenstaro> Sounds good.
[08:37] <Burgundavia> moquist: ebox isn't even based on webmin
[10:01] <ksivaji> may i know what is the difference between edubuntu and kubuntu
[11:37] <gnomefreak> gnome vs kde is the biggest
[11:56] <Kamping_kaiser> gnomefreak: funny that ;)
[11:56] <gnomefreak> :)
[05:25] <Hobbsee> greetings
[05:40] <Hobbsee> *** Main will freeze on Tuesday for Tribe 3 preparations, cd preparations will commence in a couple of days ***
[10:27] <timma> hello
[10:47] <Burgundavia> hello timma