[03:01] <pushpop> any1 around
[03:04] <Burgundavia> pushpop: yep
[06:48] <BFTD> how do I use make-kpkg
[06:48] <BFTD> is it like
[06:49] <BFTD> sudo make-kpkg kernel_name ?
[07:01] <Burgundavia> BFTD: feisty?
[07:03] <Burgundavia> it does use kpkg
[07:14] <BFTD> make: *** No rule to make target `menuconfig'.  Stop.
[07:14] <BFTD> I get that error
[01:29] <fernando> moin all
[03:38] <jdstrand> dendrobates, I read the "time to get onboard" email on ubuntu-server the other day.  I have a question regarding LDAP authentication.
[03:39] <jdstrand> dendrobates, I have been working with kerberos (heimdal) and ldap for an authentication/authorization system, and have some ideas regarding how this could be implemented with ubuntu-server.
[03:40] <jdstrand> dendrobates, I'd like to know what type of authentication/authorization system you are hoping to authenticate with.
[03:42] <jdstrand> dendrobates, obviously, there are many choices in how to go about this, but I was thinking that if you had a long-term goal of providing an authentication/authorization server (eg apt-get install auth-server), then the client packages could be tailored towards that.
[03:42] <jdstrand> dendrobates, they would of course be adjustable to work with other systems.
[03:46] <jdstrand> dendrobates, my current feeling is that for maximum security, kerberos is used for authentication, and ldap for authorization.  That way sensitive information can be left out of the LDAP server.
[03:48] <jdstrand> dendrobates, I am currently using this setup on a small LAN with workstations and laptops, and it is working fairly well.
[03:49] <jdstrand> dendrobates, I say fairly, because there are a couple of small issues with disconnected users, when the user is on a network, but can't reach the auth server (it works, but is slow).
[03:51] <jdstrand> dendrobates, anyway, bottom line, I have gone through the ldap/kerberos maze and understand what needs to be done and would like to help.
[03:51] <jdstrand> dendrobates, interestingly, with a few backported packages from feisty, you can get all this to work on dapper too.
[03:52] <dendrobates> jdstrand: the current spec just wants to put some basic packages together.
=== mathiaz [n=mathiaz@modemcable178.77-70-69.static.videotron.ca] has joined #ubuntu-server
[03:53] <jdstrand> dendrobates, as in something like 'apt-get install auth-client'?  Then it gets all the required packages, but lets the user configure them as needed?
[03:54] <dendrobates> jdstrand: kerberos is something that needs to be tackled, but it is a Gutsy+1 issue, *hopefully*
[03:55] <dendrobates> auth-client would depend on ldap-auth-client-config, which would use debconf
[03:56] <dendrobates> I do plan on a ldap-authentication-server eventually.
[03:58] <jdstrand> dendrobates, so you want to leave out kerberos entirely for now?
[03:59] <dendrobates> jdstrand: only because of the timeline for gutsy.
[04:02] <jdstrand> dendrobates, I guess what I am really getting at is that the whole LDAP/Kerberos thing is complicated, and there are many, many ways to implement it, and perhaps targeting a long term goal for some of the short term goals, would make some of the work easier.
[04:03] <ScottK> jdstrand: Do you have some short term goals that have very little risk of impacting something else that you can suggest?
[04:03] <jdstrand> dendrobates, eg if we knew we wanted an UbuntuDirectory type of thing, we could work on kerberos and LDAP and have the client packages bring in everything for that.
[04:04] <jdstrand> my personal short term goal would be to have kerberos (better) supported in gutsy.  The pieces are there in feisty (eg, no patches are needed AFAICT so far)
[04:06] <jdstrand> The issue is that pam and nss need to be adjusted in different ways depending on if you are authenticating against ldap or kerberos.  I was just trying to see if there was a long term goal for the authentication/authorization server, we could save some time on the client stuff.
[04:07] <jdstrand> cause the client packages would be looking to work with the authentication server
[04:07] <jdstrand> as an aside, better supporting kerberos should allow for easier use of ubuntu with AD.
[04:07] <dendrobates> jdstrand: I have the idea that once we do the ldap-client portion, we can use that as a model to do the rest.
[04:08] <ScottK> I think now is the time to be defining the long term goals, but I just got here too.
[04:09] <soren> 3/win 22
[04:09] <jdstrand> dendrobates, hmmm... but there are so many client choices.  Would you agree that if we had an idea of the type of authentication server that was to be implemented, it might make it easier to define the client?
[04:11] <jdstrand> dendrobates, because if we say to define an ldap client, that makes a presupposition that down the line passwords will be stored in ldap.  Maybe that is what is wanted, but maybe it isn't.
[04:11] <dendrobates> jdstrand: I don't think we can assume we will be connecting to an ubuntu server, we should try to support the most common use cases in businesses first.  imho
[04:11] <jdstrand> dendrobates, this means extra work and configuration for single sign on
[04:12] <jdstrand> dendrobates, I absolutely agree with your last comment.
[04:12] <jdstrand> dendrobates, what do you see as the most common use cases?
[04:13] <jdstrand> dendrobates, which really gets back to my original question...
[04:13] <ScottK> Which is why it's convenient that one of the steps in writing an Ubuntu spec is defining the use cases...
[04:14] <dendrobates> jdstrand: AD for sure, then perhaps NDS, SUN, or redhat's openldap,  I'm not totally sure
[04:14] <jdstrand> dendrobates, for AD, you will need kerberos...
[04:15] <jdstrand> dendrobates, at least, as I understand it
[04:15] <dendrobates> ScottK, that is certainly true.  The only reason this spec is so narrow, is because I want to be able to complete something for Gutsy.  I expect this to be rolled under a more comprehensive spec later
[04:16] <ScottK> Right.  I wasn't suggesting changing the current spec, just start writing the comprehensive one.
[04:17] <jdstrand> perhaps then it would be good to have something like: auth-client-redhat, auth-client-nds, auth-client-ad, auth-client-sun, auth-client-ubuntu
[04:18] <jdstrand> perhaps all of those don't need to be separate, but you get the idea
[04:19] <jdstrand> perhaps those are separate packages, or separate debconf choices..
[04:20] <jdstrand> i am just brainstorming here
[04:20] <dendrobates> that is kind of what I have in my head.  perhaps an external program that will for the /etc/pam.d config stuff, for debconf, like we do for inetd
[04:20] <ScottK> User response would, of course, be: I don't want to pick.  I want it all.
[04:20] <jdstrand> user can't always get what he/she wants  :)
[04:21] <ScottK> Very true.
[04:21] <jdstrand> seriously, I don't know all their implementations, but certainly you can't have work with AD and straight LDAP simultaneously
[04:22] <jdstrand> perhaps down the road some sort of authentication profile could be in place, maybe with hooks in network manager or something, but not for this
[04:22] <jdstrand> that is not a bad idea actually...
[04:22] <jdstrand> but still not for this
[04:24] <jdstrand> dendrobates: well with what you described, there is nothing saying there couldn't be a auth-client-kerberos package/debconf option
[04:29] <jdstrand> dendrobates, when you said 'like we do with inetd', are you talking about 'update-inetd'?
[04:31] <dendrobates> just the fact that inetd uses a separate app to do that.
[04:32] <jdstrand> dendrobates, has work been started on any of this?
[04:32] <jdstrand> eg has that app been started?  a preliminary package put together?
[04:43] <jdstrand> dendrobates, just thinking I could look at what has been started and jump in
[04:47] <nealmcb> I'm on the road, haven't read all of this conversation and have to take off now, but I'm very interested in helping make ubuntu authn work well, including kerberos et al.  Thanks, jdstrand and all.  And dendrobates, I'll chime in on your email question also probably tomorrow when I get home....
[04:53] <nealmcb> talk to you later
[10:11] <ivoks> i do
[10:12] <ivoks> i think i do... let me check
[10:12] <ivoks> yes, i do
[10:13] <necrite_> how many g?
[10:13] <necrite_> oks oks
[10:13] <ivoks> 2,3 to be exact :)
[10:29] <jdstrand> dendrobates, I started scripting auth-client-config today
[10:29] <jdstrand> dendrobates, I thought it should be named auth-client-config instead of ldap-auth-client-config, since it doesn't have to be just for ldap
[10:30] <miles> what is the name of the tool that installs lamp for you on ubuntu-server?
[10:30] <Burgundavia> miles: tasksel
[10:30] <dendrobates> jdstrand: I created the package last week.  It should be available soon.
[10:30] <jdstrand> dendrobates, right now it can update nsswitch.conf with rudimentary settings for ldap and kerberos
[10:30] <jdstrand> you wrote ldap-auth-client-config?
[10:31] <jdstrand> dendrobates, the script that will be used to actually update nsswitch.conf and pam?
[10:32] <jdstrand> dendrobates, or whatever you are calling it.  you wrote it already
[10:32] <jdstrand> dendrobates, ?
[10:34] <dendrobates> jdstrand: I created the meta package only that depends on the other packages.
[10:34] <jdstrand> dendrobates, whew-- I thought I just wasted a bunch of time.  :)
[10:34] <dendrobates> jdstrand:  What are you writing it in?  debconf?
[10:35] <jdstrand> dendrobates, no-- the script that will actually do the legwork of updating nsswitch.conf and pam
[10:35] <jdstrand> dendrobates, ie, the update-inetd equivalent for auth-client (or whatever you named it)
[10:35] <dendrobates> I am going to create another package, ldap-auth-config, that will own ldap.conf and nsswitch.conf.
[10:36] <dendrobates> The script should also be in that package.
[10:36] <jdstrand> dendrobates, ok.  but isn't nsswitch.conf in base-files?
[10:36] <dendrobates> ajmitch: hi
[10:38] <ajmitch> dendrobates: so you're going ahead with your plans for the client configuration
[10:38] <jdstrand> dendrobates, well, I keep plugging away at it, it won't care who owns the files.
[10:38] <dendrobates> ajmitch: it is not really client configuration.
[10:39] <ajmitch> right, ldap-auth-client-config just seems to imply that
[10:39] <dendrobates> ajmitch: I am trying to fix libpam-ldap and libnss-ldap.
[10:39] <ajmitch> a worthy goal
[10:40] <jdstrand> dendrobates, the nsswitch.conf part is working well so far, and I have the infrastructure to update other files, so adding pam in won't be too hard.  I should have something in a few days (at most).
[10:40] <dendrobates> That is intended to pull functionality out of the current packages and put it in a central package.
=== ajmitch most likely won't be there for the meeting
[10:40] <jdstrand> dendrobates, what are you changing in libpam-ldap and libnss-ldap?
[10:40] <dendrobates> It is not intended to be a cli or gui.
[10:41] <ajmitch> meeting is 15:00 UTC, right?
[10:41] <dendrobates> look at the design section of https://wiki.ubuntu.com/LDAPAuthentication
=== ajmitch was confused by the wiki changing it to local time already
[10:42] <ajmitch> s/design/implementation/ I hope
[10:43] <dendrobates> yeah ;)
[10:44] <dendrobates> Just so you know, I'm functioning at about 15% of brain capacity today due to jet lag.  I will make more sense tomorrow.
[10:44] <ajmitch> just got back from london?
[10:45] <miles> I am about to try and install subversion, i have installed apache2, subversion, and libapache2-svn
[10:45] <dendrobates> ajmitch: I read your spec and looked at the code, and I don't think these are conflicting projects.  I want to fix the packages.  You want to provide a ui.
[10:46] <ajmitch> yes, most of what I wrote was code to handle mangling pam & nsswitch.conf
[10:46] <ajmitch> which doesn't matter what pam or nss modules are used
[10:47] <ajmitch> if there are useful interfaces for managing ldap configuration, etc, I'm all for it
[10:47] <dendrobates> ajmitch: We should have a discussion on another day, about what functionality should be where.  what dpkg-reconfigure should do and what auth-tool should do.
[10:48] <ajmitch> it was useful to be able to poke stuff into debconf & use dpkg-reconfigure krb5-config
[10:48] <dendrobates> I'm just too out of it today to be useful.
[10:48] <ajmitch> we may be able to find a more suitable timezone then :)
[10:51] <miles> Question - is there a major difference between htpasswd2 and htpasswd?
[10:51] <dendrobates> that's right you are on the other side of the world.
[10:52] <ajmitch> which is why I doubt I'll be at the meeting at 3AM local time
[10:52] <miles> im following this tutorial on setting up subversion with apache on ubuntu, it says use "htpasswd2 -cm yadda yadda" but i dont have htpasswd2
[10:53] <miles> and its not in ubuntu repository
[10:53] <miles> so is it ok to use htpasswd or am i missing something?
[10:53] <ajmitch> most likely it's just renamed for apache2, use htpasswd
[10:53] <miles> k thanks
[10:54] <dendrobates> falling to sleep again.  I'll check back in a few.
[10:55] <ajmitch> ok, see you later
[11:27] <Innatech> So, I've run into an odd situation. I'm building a custom router. I have two 8GB CF cards fake-raided as a mirror. The mirror is subdivided into boot and root partitions. I then have two 2GB USB pendrives. The first holds /var , /etc , and /tmp and the second is swap. Dapper installs cleanly, but on the first reboot it cannot find an INITAB and stalls out with a runlevel: prompt. Where did I fail?
[11:28] <ajmitch> you can't have /etc separate from /
[11:28] <Innatech> ah. Easy enough. Thanks!
=== Innatech runs off to repartition.
=== miles flexes because he got subversion working
[11:35] <miles> ajmitch, did u make that up?
[11:35] <ajmitch> miles: no?
[11:36] <miles> o, im just wondering how you knew that, thats amazing!
[11:36] <ajmitch> there's no way that the partition with /etc can be mounted, given that you need /etc/fstab to get to it
[11:36] <miles> logic, nice
[11:36] <ajmitch> and to get to that point, you need the init scripts that are on /etc
[11:37] <miles> i feel like luke skywalker when obi-wan told him he just took a step into a bigger world
[11:58] <Innatech> yup, same sort of feeling here. I should have realized the problem, but at least I know I'll never do that again.
[11:59] <Innatech> I'll have to script something on login to do what I want, which totally makes sense.

