[01:58] pleia2, BiosElement, Vantrax: ok so when people are first signing up for development using this projects tool, I have it requiring a 3 step process. [01:59] ok [01:59] a) Authorise with launchpad (gives website with registration details if required b) add user to bazaar config and c) compare upload ssh key. [01:59] projects tool? [01:59] ive missed a step somewhere [01:59] I can figure out the username from the launchpad auth and add that automatically to the bzr config using the code behind bzr launchpad-login [02:00] The ssh key upload needs to be done via code too, since I need to look at existing ssh keys and compare them to installed svailable private keys [02:01] Of course the launchpad auth is done via firefox, OAuth forwards you to login via launchpad and then accept access to the program [02:01] Vantrax: http://doctormo.wordpress.com/2009/09/18/launchpad-naultius-sneak-preview/ [02:04] Sounds great doctormo ^_^ [02:09] im impressed [02:09] you have some hidden coding talent i see [02:26] Vantrax: hidden? my profession before Canonical was programming perl for years and years :-D [02:26] hey doctormo [02:27] Oh hey cprofitt, how goes work schedual? [02:27] work is fine... [02:27] I should be able to make the meeting Monday night [02:27] and the 'stress' of the start of school should ease this week [02:28] though... to be honest... [03:10] cprofitt: you around [03:11] yes [03:12] Vantrax, what is up? [03:12] ah, good evening Vantrax and cprofitt :) [03:12] you know kerberos configurations at all? [03:12] a little... at least for AD [03:12] not for Linux [03:12] thats what im playing with [03:12] the configs are the same for both [03:12] MS implements MIT Kerberos [03:12] yep [03:12] which is what linux uses [03:13] anyway, how much you know about capaths and multiple realms [03:13] nothing to be honest... I have one single tree/domain currently [03:13] aww [03:13] I have a student and a staff one [03:14] are you using AD? [03:14] the student one as a one way hiearchical trust relationship with the staff one [03:14] yeah, were rolling over to it atm [03:14] so the student one trusts the staff? [03:14] yes [03:14] but the staff one does not trust the student [03:15] no [03:15] so staff can log in on student machines, but students can not log in on staff machines [03:15] you could have done that w/o sep. domains [03:16] its kinda hard with 10k users... [03:16] and alot of services hanging off them [03:16] anyway here is the krb5.conf file, its the same on windows and linux http://paste.ubuntu.com/27500 [03:17] redtubez? [03:17] lol [03:17] http://paste.ubuntu.com/27500/ [03:17] ops, that was missing a 0 [03:17] that is just another link... [03:17] http://paste.ubuntu.com/275000/ [03:17] k [03:18] im pretty sure im doing the capaths wrong [03:19] no one seems to know anything about them tho >.< [03:19] hmm... [03:19] any idea where the files are kept in AD? [03:20] http://mailman.mit.edu/pipermail/kerberos/2007-March/011376.html [03:21] do you have a forest + two domains? [03:21] or is the student a sub-domain? [03:22] two domains [03:22] k. [03:22] er two subdomains [03:22] i think [03:22] right... [03:23] You tree is ad.griffith [03:23] and you have two sub-domains -- staff-test and student-test [03:23] yer [03:24] yeah the capaths do not make sense given that then... [03:24] ^.^ [03:24] i know that [03:24] let me break out an old book... give me a minute [03:24] i stand corrected, it is 2 forests each with a single domain [03:24] You guys, I'm having a hard enough time setting up ldap for a 5 machine setup to provide universal login. [03:24] the domains are then the root of each respective forest [03:24] ouch... [03:24] that may be the issue... [03:24] lol [03:25] i can give you some docco [03:25] i have done that for labs before, thats what we are migrating away from [03:25] I think it may be better to make a forest with two sub-domains [03:25] but let me get to that section... [03:26] yeah, but i dont control that bit:P [03:26] doctormo: your doing it using pam_ldap right? [03:26] Vantrax, you don't? [03:26] no, a project team does. I just have to make it work [03:27] are they still in testing... and you can 'give advice' or have they committed to the design already [03:27] Vantrax: Trying, but it's been something I've been doing on and off. [03:27] they are pretty committed to the design:P [03:27] AD 2003 or AD 2008? [03:27] 2008 [03:27] 2003 is pointless because win7 will not connect to it [03:27] anyway, I better go before this Microsoft fan topic makes me see red. [03:27] And sleep [03:27] <- is no MS fan [03:28] I am learning KERBEROS... a FOSS project [03:28] it just happens to be used by MS as well [03:28] Vantrax: I know, I've installed krbs5 [03:28] i will say i am becoming a fan of win7 tho >.< [03:28] damn those free copies [03:29] * doctormo isn't a fan of the company and doesn't care how good the tech is. sleep [03:29] Vantrax, are you just needing to make the Linux side work? [03:30] year [03:30] yer [03:30] k [03:31] so i can make each side log in effectively but i cant have a staff log in with the default set to student [03:32] Vantrax, have they got it working on the Windows side? [03:32] no:P [03:32] they are waiting on me, it will be the same [03:34] Then that makes it hard to ensure they have the trust setup properly [03:34] If I were doing it... I would ensure that first... [03:35] I think you may need an entry for both in the realms section... but trying to hunt that down now... [03:35] i do [03:35] you do have that.... [03:35] and you do [03:37] this may help -- http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/capaths.html [03:40] yeah, thats where i go this far off [03:44] is not this what you need then.... [03:44] http://paste.ubuntu.com/275008/ [03:44] unless I am reading the example wrong [03:45] I think that allows a machine joined to the student domain to authenticate to both domains... [03:45] if I read their example correctly [03:49] give me a few min to test [03:50] nope, says client not found in the database, isnt hitting the second domain [03:50] hmm... [03:51] what error were you getting with the capath section you had? [03:51] both sides do work, i can change the default_realm value to STAFF-TEST and get a valid login [03:51] same one [03:52] Client not found in Kerberos database while getting initial credentials [03:55] is your machine 'joined' to the domain [03:55] I think your capath section might actually be right.... [03:55] but there may be an issue with the 'membership' [03:56] once I take all their extra stuff out of that example your capath is correct [03:56] I had not noticed the es.net at the bottom ... [03:57] yeah... your capath is accurate to that example... [03:57] my mistake on the one I gave you. [03:59] Can you get the machine to login to either domain at this point? [04:01] Vantrax, I found this -- http://paste.ubuntu.com/275013/ [04:03] clear as mud >.< [04:04] this is starting to give me a headache [04:04] lol [04:06] Vantrax, shot in the dark -- http://paste.ubuntu.com/275017/ [04:07] im thinking that student-test = staff-test has to be in there somewhere [04:08] not that one: [04:08] http://www.cmf.nrl.navy.mil/ccs/people/kenh/kerberos-faq.html#confxrealm [04:08] yeah... that is what I think... [04:08] I would think student-test has to equal both [04:09] since student-test can authenticate to either [04:09] did you try the last paste I posted? [04:10] yeah [04:10] lunch time for me, you going to be round a while? [04:11] this might help too -- http://groups.google.com/group/comp.protocols.kerberos/browse_thread/thread/3d546e7bd92d74c3 [04:11] no... I need to go to sleep [04:11] 11:11pm here [04:12] ok, mind helping me tomorrow? [04:12] he he he, seen that already too [04:12] I can try... [04:13] I wish I had such a setup to test... but I went with one forest just to avoid things like these [04:13] yeah, fun isnt it... [04:13] * Vantrax goes to eat before he tears out his hair... [04:14] see you tomorrow then, have a good night [04:14] thanks... good luck === txwikinger2 is now known as txwikinger_work [15:06] darn, the mailing list archives going nutty last week has really caused a problem [15:06] BiosElement's email wasn't archived :( [15:27] We all ready for tonight's big teach off? [15:29] we need a dev environment for the demos [15:49] BiosElement: your attribution is funny in the example asciidoc """Martin Owens """ [16:26] doctormo, Yeah, I know. I didn't have your E-Mail when I typed it up and was in a bit of a hurry. It's not the official version [16:27] BiosElement: Yes, my fake email address is none@none.cone :-D [16:28] hehe, I'm a fan of root@localhost myself :P [16:28] BiosElement: Not a valid email on most sites [16:28] doctormo, Sadly :P [16:28] I'm still trying to work out a few things for this key management... [16:31] Sounds fun >.> [16:32] BiosElement: Seems they misplaced the idea that some things might need to be managed via the API, so I'm having to think of work arounds. [16:32] doctormo, Pretty typical to be honest >.> API's always seem to be mostly ignored [16:33] BiosElement: I'm of the "you do everything, don't bother asking me why someone would want to use it, we just do everything" [16:36] doctormo, Sounds right. ...And the new york times just crashed firefox >.> [16:37] Damn yanks, over confident, over sexed and now they don't even need to be over here. [16:42] BiosElement: that's a paraphraise joke btw [16:43] doctormo, I figured. And before I forget, I'm toying with the idea of making a web based editor for the DocBook/asciitext files. I'll start with DocBook and then work on asciitext [16:44] BiosElement: Sounds like a good idea, make any reading/writing into libs so it'll be possible to make a gui version [16:44] doctormo, I'm basing it off turbogears so it shouldn't be hard to port over to a gui if we have too. [16:45] I don't know what that is [16:45] bbl [17:04] Vantrax, you here? [18:15] back [18:36] Welcome back doctormo [22:59] whoops.... left IRC on at work over night [23:05] Vantrax: No worries, it made you look like you were really attentive :-D [23:05] yay [23:05] make up for the three weeks i was MIA with the baby [23:07] How is everyone? [23:21] Vantrax, you there? [23:22] indeed [23:36] whats up cprofitt [23:36] hey Vantrax -- did you ever figure out the capaths [23:38] cprofitt: nope, but it might be a fault on the configuration... maybe... [23:38] turns out they never checked if the inheritance actually worked... [23:45] hey, i just saw Martin's post on the planet, and i wanted to throw some change in the bucket, concerning all this documentation madness [23:46] i would like to suggest some interesting workflow ideas that I use for my projects and the benefits of each accordingly [23:46] Knudson is here [23:46] let me preface this by noting (strongly) that I prefer restructured Text [23:47] Vantrax, it would be good if they find out if their machines are actually working before you are asked to do it [23:47] Vantrax, what room is our class in? [23:47] cprofitt: no idea [23:47] Hi - I'm here for moodle things... [23:48] he he he [23:48] is pleia around? [23:49] pleia2, ping pong gong [23:51] Mark and Steve are here from Woodland, Washington to help you with Moodle. [23:56] knudsonm_, so the Moodle training is here? [23:57] I'm assuming so. [23:57] yes, we're here [23:57] how would you like to start [23:57] And Vantrax pleia2 can't be here. [23:58] sounds good... and this is user based -- as in for the instructor... correct? [23:58] we have and admin in Steve and a user in me ready to serve you [23:59] Steve set up Moodle server and runs it, I teach teachers how to use it [23:59] Sounds good. I hope people come... the one question I would start off with (since I have only one course to my credit) is what format/tool would you feel best for teaching IT type courses? [23:59] I also use it in a middle school computer class, and math class