doctormo | pleia2, BiosElement, Vantrax: ok so when people are first signing up for development using this projects tool, I have it requiring a 3 step process. | 01:58 |
---|---|---|
pleia2 | ok | 01:59 |
doctormo | a) Authorise with launchpad (gives website with registration details if required b) add user to bazaar config and c) compare upload ssh key. | 01:59 |
Vantrax | projects tool? | 01:59 |
Vantrax | ive missed a step somewhere | 01:59 |
doctormo | I can figure out the username from the launchpad auth and add that automatically to the bzr config using the code behind bzr launchpad-login | 01:59 |
doctormo | The ssh key upload needs to be done via code too, since I need to look at existing ssh keys and compare them to installed svailable private keys | 02:00 |
doctormo | Of course the launchpad auth is done via firefox, OAuth forwards you to login via launchpad and then accept access to the program | 02:01 |
doctormo | Vantrax: http://doctormo.wordpress.com/2009/09/18/launchpad-naultius-sneak-preview/ | 02:01 |
BiosElement | Sounds great doctormo ^_^ | 02:04 |
Vantrax | im impressed | 02:09 |
Vantrax | you have some hidden coding talent i see | 02:09 |
doctormo | Vantrax: hidden? my profession before Canonical was programming perl for years and years :-D | 02:26 |
cprofitt | hey doctormo | 02:26 |
doctormo | Oh hey cprofitt, how goes work schedual? | 02:27 |
cprofitt | work is fine... | 02:27 |
cprofitt | I should be able to make the meeting Monday night | 02:27 |
cprofitt | and the 'stress' of the start of school should ease this week | 02:27 |
cprofitt | though... to be honest... | 02:28 |
Vantrax | cprofitt: you around | 03:10 |
cprofitt | yes | 03:11 |
cprofitt | Vantrax, what is up? | 03:12 |
swoody | ah, good evening Vantrax and cprofitt :) | 03:12 |
Vantrax | you know kerberos configurations at all? | 03:12 |
cprofitt | a little... at least for AD | 03:12 |
cprofitt | not for Linux | 03:12 |
Vantrax | thats what im playing with | 03:12 |
Vantrax | the configs are the same for both | 03:12 |
Vantrax | MS implements MIT Kerberos | 03:12 |
cprofitt | yep | 03:12 |
Vantrax | which is what linux uses | 03:12 |
Vantrax | anyway, how much you know about capaths and multiple realms | 03:13 |
cprofitt | nothing to be honest... I have one single tree/domain currently | 03:13 |
Vantrax | aww | 03:13 |
Vantrax | I have a student and a staff one | 03:13 |
cprofitt | are you using AD? | 03:14 |
Vantrax | the student one as a one way hiearchical trust relationship with the staff one | 03:14 |
Vantrax | yeah, were rolling over to it atm | 03:14 |
cprofitt | so the student one trusts the staff? | 03:14 |
Vantrax | yes | 03:14 |
cprofitt | but the staff one does not trust the student | 03:14 |
Vantrax | no | 03:15 |
Vantrax | so staff can log in on student machines, but students can not log in on staff machines | 03:15 |
cprofitt | you could have done that w/o sep. domains | 03:15 |
Vantrax | its kinda hard with 10k users... | 03:16 |
Vantrax | and alot of services hanging off them | 03:16 |
Vantrax | anyway here is the krb5.conf file, its the same on windows and linux http://paste.ubuntu.com/27500 | 03:16 |
cprofitt | redtubez? | 03:17 |
Vantrax | lol | 03:17 |
cprofitt | http://paste.ubuntu.com/27500/ | 03:17 |
Vantrax | ops, that was missing a 0 | 03:17 |
cprofitt | that is just another link... | 03:17 |
Vantrax | http://paste.ubuntu.com/275000/ | 03:17 |
cprofitt | k | 03:17 |
Vantrax | im pretty sure im doing the capaths wrong | 03:18 |
Vantrax | no one seems to know anything about them tho >.< | 03:19 |
cprofitt | hmm... | 03:19 |
cprofitt | any idea where the files are kept in AD? | 03:19 |
cprofitt | http://mailman.mit.edu/pipermail/kerberos/2007-March/011376.html | 03:20 |
cprofitt | do you have a forest + two domains? | 03:21 |
cprofitt | or is the student a sub-domain? | 03:21 |
Vantrax | two domains | 03:22 |
cprofitt | k. | 03:22 |
Vantrax | er two subdomains | 03:22 |
Vantrax | i think | 03:22 |
cprofitt | right... | 03:22 |
cprofitt | You tree is ad.griffith | 03:23 |
cprofitt | and you have two sub-domains -- staff-test and student-test | 03:23 |
Vantrax | yer | 03:23 |
cprofitt | yeah the capaths do not make sense given that then... | 03:24 |
Vantrax | ^.^ | 03:24 |
Vantrax | i know that | 03:24 |
cprofitt | let me break out an old book... give me a minute | 03:24 |
Vantrax | i stand corrected, it is 2 forests each with a single domain | 03:24 |
doctormo | You guys, I'm having a hard enough time setting up ldap for a 5 machine setup to provide universal login. | 03:24 |
Vantrax | the domains are then the root of each respective forest | 03:24 |
cprofitt | ouch... | 03:24 |
cprofitt | that may be the issue... | 03:24 |
Vantrax | lol | 03:24 |
Vantrax | i can give you some docco | 03:25 |
Vantrax | i have done that for labs before, thats what we are migrating away from | 03:25 |
cprofitt | I think it may be better to make a forest with two sub-domains | 03:25 |
cprofitt | but let me get to that section... | 03:25 |
Vantrax | yeah, but i dont control that bit:P | 03:26 |
Vantrax | doctormo: your doing it using pam_ldap right? | 03:26 |
cprofitt | Vantrax, you don't? | 03:26 |
Vantrax | no, a project team does. I just have to make it work | 03:26 |
cprofitt | are they still in testing... and you can 'give advice' or have they committed to the design already | 03:27 |
doctormo | Vantrax: Trying, but it's been something I've been doing on and off. | 03:27 |
Vantrax | they are pretty committed to the design:P | 03:27 |
cprofitt | AD 2003 or AD 2008? | 03:27 |
Vantrax | 2008 | 03:27 |
Vantrax | 2003 is pointless because win7 will not connect to it | 03:27 |
doctormo | anyway, I better go before this Microsoft fan topic makes me see red. | 03:27 |
doctormo | And sleep | 03:27 |
Vantrax | <- is no MS fan | 03:27 |
Vantrax | I am learning KERBEROS... a FOSS project | 03:28 |
Vantrax | it just happens to be used by MS as well | 03:28 |
doctormo | Vantrax: I know, I've installed krbs5 | 03:28 |
Vantrax | i will say i am becoming a fan of win7 tho >.< | 03:28 |
Vantrax | damn those free copies | 03:28 |
* doctormo isn't a fan of the company and doesn't care how good the tech is. sleep | 03:29 | |
cprofitt | Vantrax, are you just needing to make the Linux side work? | 03:29 |
Vantrax | year | 03:30 |
Vantrax | yer | 03:30 |
cprofitt | k | 03:30 |
Vantrax | so i can make each side log in effectively but i cant have a staff log in with the default set to student | 03:31 |
cprofitt | Vantrax, have they got it working on the Windows side? | 03:32 |
Vantrax | no:P | 03:32 |
Vantrax | they are waiting on me, it will be the same | 03:32 |
cprofitt | Then that makes it hard to ensure they have the trust setup properly | 03:34 |
cprofitt | If I were doing it... I would ensure that first... | 03:34 |
cprofitt | I think you may need an entry for both in the realms section... but trying to hunt that down now... | 03:35 |
Vantrax | i do | 03:35 |
cprofitt | you do have that.... | 03:35 |
Vantrax | and you do | 03:35 |
cprofitt | this may help -- http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/capaths.html | 03:37 |
Vantrax | yeah, thats where i go this far off | 03:40 |
cprofitt | is not this what you need then.... | 03:44 |
cprofitt | http://paste.ubuntu.com/275008/ | 03:44 |
cprofitt | unless I am reading the example wrong | 03:44 |
cprofitt | I think that allows a machine joined to the student domain to authenticate to both domains... | 03:45 |
cprofitt | if I read their example correctly | 03:45 |
Vantrax | give me a few min to test | 03:49 |
Vantrax | nope, says client not found in the database, isnt hitting the second domain | 03:50 |
cprofitt | hmm... | 03:50 |
cprofitt | what error were you getting with the capath section you had? | 03:51 |
Vantrax | both sides do work, i can change the default_realm value to STAFF-TEST and get a valid login | 03:51 |
Vantrax | same one | 03:51 |
Vantrax | Client not found in Kerberos database while getting initial credentials | 03:52 |
cprofitt | is your machine 'joined' to the domain | 03:55 |
cprofitt | I think your capath section might actually be right.... | 03:55 |
cprofitt | but there may be an issue with the 'membership' | 03:55 |
cprofitt | once I take all their extra stuff out of that example your capath is correct | 03:56 |
cprofitt | I had not noticed the es.net at the bottom ... | 03:56 |
cprofitt | yeah... your capath is accurate to that example... | 03:57 |
cprofitt | my mistake on the one I gave you. | 03:57 |
cprofitt | Can you get the machine to login to either domain at this point? | 03:59 |
cprofitt | Vantrax, I found this -- http://paste.ubuntu.com/275013/ | 04:01 |
Vantrax | clear as mud >.< | 04:03 |
Vantrax | this is starting to give me a headache | 04:04 |
cprofitt | lol | 04:04 |
cprofitt | Vantrax, shot in the dark -- http://paste.ubuntu.com/275017/ | 04:06 |
Vantrax | im thinking that student-test = staff-test has to be in there somewhere | 04:07 |
Vantrax | not that one: | 04:08 |
cprofitt | http://www.cmf.nrl.navy.mil/ccs/people/kenh/kerberos-faq.html#confxrealm | 04:08 |
cprofitt | yeah... that is what I think... | 04:08 |
cprofitt | I would think student-test has to equal both | 04:08 |
cprofitt | since student-test can authenticate to either | 04:09 |
cprofitt | did you try the last paste I posted? | 04:09 |
Vantrax | yeah | 04:10 |
Vantrax | lunch time for me, you going to be round a while? | 04:10 |
cprofitt | this might help too -- http://groups.google.com/group/comp.protocols.kerberos/browse_thread/thread/3d546e7bd92d74c3 | 04:11 |
cprofitt | no... I need to go to sleep | 04:11 |
cprofitt | 11:11pm here | 04:11 |
Vantrax | ok, mind helping me tomorrow? | 04:12 |
Vantrax | he he he, seen that already too | 04:12 |
cprofitt | I can try... | 04:12 |
cprofitt | I wish I had such a setup to test... but I went with one forest just to avoid things like these | 04:13 |
Vantrax | yeah, fun isnt it... | 04:13 |
* Vantrax goes to eat before he tears out his hair... | 04:13 | |
Vantrax | see you tomorrow then, have a good night | 04:14 |
cprofitt | thanks... good luck | 04:14 |
=== txwikinger2 is now known as txwikinger_work | ||
pleia2 | darn, the mailing list archives going nutty last week has really caused a problem | 15:06 |
pleia2 | BiosElement's email wasn't archived :( | 15:06 |
doctormo | We all ready for tonight's big teach off? | 15:27 |
pleia2 | we need a dev environment for the demos | 15:29 |
doctormo | BiosElement: your attribution is funny in the example asciidoc """Martin Owens <william@bioselement.com>""" | 15:49 |
BiosElement | doctormo, Yeah, I know. I didn't have your E-Mail when I typed it up and was in a bit of a hurry. It's not the official version | 16:26 |
doctormo | BiosElement: Yes, my fake email address is none@none.cone :-D | 16:27 |
BiosElement | hehe, I'm a fan of root@localhost myself :P | 16:28 |
doctormo | BiosElement: Not a valid email on most sites | 16:28 |
BiosElement | doctormo, Sadly :P | 16:28 |
doctormo | I'm still trying to work out a few things for this key management... | 16:28 |
BiosElement | Sounds fun >.> | 16:31 |
doctormo | BiosElement: Seems they misplaced the idea that some things might need to be managed via the API, so I'm having to think of work arounds. | 16:32 |
BiosElement | doctormo, Pretty typical to be honest >.> API's always seem to be mostly ignored | 16:32 |
doctormo | BiosElement: I'm of the "you do everything, don't bother asking me why someone would want to use it, we just do everything" | 16:33 |
BiosElement | doctormo, Sounds right. ...And the new york times just crashed firefox >.> | 16:36 |
doctormo | Damn yanks, over confident, over sexed and now they don't even need to be over here. | 16:37 |
doctormo | BiosElement: that's a paraphraise joke btw | 16:42 |
BiosElement | doctormo, I figured. And before I forget, I'm toying with the idea of making a web based editor for the DocBook/asciitext files. I'll start with DocBook and then work on asciitext | 16:43 |
doctormo | BiosElement: Sounds like a good idea, make any reading/writing into libs so it'll be possible to make a gui version | 16:44 |
BiosElement | doctormo, I'm basing it off turbogears so it shouldn't be hard to port over to a gui if we have too. | 16:44 |
doctormo | I don't know what that is | 16:45 |
doctormo | bbl | 16:45 |
cprofitt | Vantrax, you here? | 17:04 |
doctormo | back | 18:15 |
BiosElement | Welcome back doctormo | 18:36 |
Vantrax | whoops.... left IRC on at work over night | 22:59 |
doctormo | Vantrax: No worries, it made you look like you were really attentive :-D | 23:05 |
Vantrax | yay | 23:05 |
Vantrax | make up for the three weeks i was MIA with the baby | 23:05 |
doctormo | How is everyone? | 23:07 |
cprofitt | Vantrax, you there? | 23:21 |
Vantrax | indeed | 23:22 |
Vantrax | whats up cprofitt | 23:36 |
cprofitt | hey Vantrax -- did you ever figure out the capaths | 23:36 |
Vantrax | cprofitt: nope, but it might be a fault on the configuration... maybe... | 23:38 |
Vantrax | turns out they never checked if the inheritance actually worked... | 23:38 |
rdw200169 | hey, i just saw Martin's post on the planet, and i wanted to throw some change in the bucket, concerning all this documentation madness | 23:45 |
rdw200169 | i would like to suggest some interesting workflow ideas that I use for my projects and the benefits of each accordingly | 23:46 |
knudsonm_ | Knudson is here | 23:46 |
rdw200169 | let me preface this by noting (strongly) that I prefer restructured Text | 23:46 |
cprofitt | Vantrax, it would be good if they find out if their machines are actually working before you are asked to do it | 23:47 |
cprofitt | Vantrax, what room is our class in? | 23:47 |
Vantrax | cprofitt: no idea | 23:47 |
rippls_ | Hi - I'm here for moodle things... | 23:47 |
Vantrax | he he he | 23:48 |
Vantrax | is pleia around? | 23:48 |
cprofitt | pleia2, ping pong gong | 23:49 |
knudsonm_ | Mark and Steve are here from Woodland, Washington to help you with Moodle. | 23:51 |
cprofitt | knudsonm_, so the Moodle training is here? | 23:56 |
BiosElement | I'm assuming so. | 23:57 |
knudsonm_ | yes, we're here | 23:57 |
knudsonm_ | how would you like to start | 23:57 |
BiosElement | And Vantrax pleia2 can't be here. | 23:57 |
cprofitt | sounds good... and this is user based -- as in for the instructor... correct? | 23:58 |
knudsonm_ | we have and admin in Steve and a user in me ready to serve you | 23:58 |
knudsonm_ | Steve set up Moodle server and runs it, I teach teachers how to use it | 23:59 |
cprofitt | Sounds good. I hope people come... the one question I would start off with (since I have only one course to my credit) is what format/tool would you feel best for teaching IT type courses? | 23:59 |
knudsonm_ | I also use it in a middle school computer class, and math class | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!