On 2012-02-29 21:32, Andreas B. Mundt wrote:
> Hi,
>
> I try to get the LOGUSER-feature working as described in fai.conf:
>
> # LOGUSER: an account on the install server which saves all log-files
> # and which can change the kernel that is booted via network.
> # Configure .rhosts for this account and PAM, so that root can log in
> # from all install clients without password. This account should have
> # write permissions for /srv/tftp/fai. For example, you can use write
> # permissions for the group linuxadm. chgrp linuxadm
> # /srv/tftp/fai;chmod
> # g+w /srv/tftp/fai. If the variable is undefined, this feature is
> # disabled.
> # Define it, to enable it, eg. LOGUSER=fai
>
> The user is created by faisetup and .ssh/ is setup correctly in the
> nfsroot. However, with /bin/false as login shell in /etc/passwd scp
> and the like seems to fail.
>
> Does anybody use this feature successfully? Or has /etc/passwd to be
> modified?
>
> Best regards
>
> Andi
>
>
> PS.: I think about using the LOGUSER to distribute my keytabs,
> cf. last paragraph in
> https://lists.uni-koeln.de/pipermail/linux-fai/2012-February/009554.html

Hi,

I do use it successfully (I'm still learning fai so it is running in a test environment), but I've set up the LOGUSER manually:

1. Created a user (with password set to ! in /etc/shadow)
2. su to that user and run ssh-keygen
3. copy the .ssh directory to /root on the nfsroot, and id_rsa.pub or id_dsa.pub to ~/.ssh/authorized_keys for the LOGUSER (mine has home set to /var/log/fai and given write permission to /srv/tftp)

For the keytab part I plan (it is not implemented yet) to use puppet after installation.

Regards
Geza
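A check for the setup discussed in this thread, added here as an example and not written by either poster or taken from FAI: it reads passwd- and shadow-format files and reports whether the LOGUSER account can receive files over scp with key-only login. The function name `check_loguser`, its optional root-prefix argument, the sample account lines and the `/bin/sh` shell are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a LOGUSER account from passwd/shadow-format files.
# Usage: check_loguser USER PASSWD_FILE SHADOW_FILE [ROOT_PREFIX]
# ROOT_PREFIX is a hypothetical parameter for checking a copied tree.
check_loguser() {
    user=$1; passwd_file=$2; shadow_file=$3; root=${4:-}; rc=0
    entry=$(grep "^${user}:" "$passwd_file") || {
        echo "FAIL: no passwd entry for $user"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # sshd starts the server side of scp through the login shell, so a
    # shell that exits at once makes the log upload fail.
    case $shell in
        */false|*/nologin) echo "FAIL: shell $shell cannot run scp"; rc=1 ;;
        *) echo "OK: shell ${shell:-default}" ;;
    esac

    # A shadow password field starting with ! or * allows no password login.
    pw=$(grep "^${user}:" "$shadow_file" | cut -d: -f2)
    case $pw in
        '!'*|'*'*) echo "OK: password locked" ;;
        *) echo "FAIL: password login possible"; rc=1 ;;
    esac

    # The client's public key must be present and not writable by others.
    keys="$root$home/.ssh/authorized_keys"
    if [ ! -s "$keys" ]; then
        echo "FAIL: $keys missing or empty"; rc=1
    elif [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $keys is group/world writable"; rc=1
    else
        echo "OK: $keys"
    fi
    return $rc
}

# Constructed sample data: shell /bin/false as in the question, /bin/sh as
# an assumed working shell, password field ! as in the reply.
demo=$(mktemp -d)
printf 'fai:x:1001:1001::/var/log/fai:/bin/false\n' > "$demo/passwd.before"
printf 'fai:x:1001:1001::/var/log/fai:/bin/sh\n' > "$demo/passwd.after"
printf 'fai:!:15399:0:99999:7:::\n' > "$demo/shadow"
mkdir -p "$demo/var/log/fai/.ssh"
echo 'ssh-rsa CONSTRUCTED-PLACEHOLDER root@client' > "$demo/var/log/fai/.ssh/authorized_keys"
chmod 600 "$demo/var/log/fai/.ssh/authorized_keys"
check_loguser fai "$demo/passwd.before" "$demo/shadow" "$demo" || true
check_loguser fai "$demo/passwd.after" "$demo/shadow" "$demo" || true
rm -rf "$demo"
```

On a live install server, pass `/etc/passwd` and `/etc/shadow` and omit the fourth argument.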
