> On Fri, Sep 21, 2012 at 2:32 PM, Vagrant Cascadian <vagr...@freegeek.org> > wrote: >> >> On Thu, Sep 20, 2012 at 07:52:40PM -0400, Stile wrote: >> > I'm in the process of trying to set up a LTSP server on Ubuntu 12.04. >> > I've run into a bit of a problem. Ldm does not work for password >> > expiration. An expired password cannot be updated with ldm. It simply >> > restarts. >> >> This is a long-standing and difficult problem... >> >> >> > I filed a bug at https://bugs.launchpad.net/ltsp/+bug/1053447 and It >> > seems Ubuntu doesn't want anything to do with it. I find that a bit >> > disturbing. >> >> That seems like a strange interpretation. Stéphane Graber described our >> plans >> for the future and suggested a possible workaround using a pre-login >> script. >> >> It's essentially unfixable given how LDM works- we would have to rewrite >> LDM >> because the ssh prompts for password expiration are inconsistant, and >> there's >> no predictible way across different versions of ssh, different versions of >> pam, >> different distros, different configurations of the aforementioned... >> there's no >> way to screen-scrape all permutations. So "wontfix" is an appropriate tag. >> >> For LTSP6 we're looking to use libpam-sshauth, which should be able to >> handle >> this properly. It's a non-trivial task; Help would be appreciated. >> >> >> > This server is going in an environment that has to maintain PCI >> > compliance. Part of complying with that standard is 90 day password >> > changes. Without the ability to update a users password, ltsp on a >> > 12.04 server is worthless in our case. >> > >> > There has to be other environments that require password expiration >> > out there. How is anyone getting around this? >> >> There are numerous workarounds- you could write an ldm hook that checks >> for >> password expiry, you could send people an email when their password is >> about to >> expire. >> >> I've basically just dealt with the fact that I need to manually reset >> people's >> passwords once in a while. >> >> >> So, there are some workarounds, there are some future plans for how to >> resolve >> this issue, but nothing comes easy. >> >> Good luck! >> >> >> live well, >> vagrant >> >> On Fri, Sep 21, 2012 at 2:39 PM, Jay Goldberg <jaymgoldb...@gmail.com> wrote: > What he said ;-). > > From what I understand, LDM is not a "real" DM, as it doesn't use XDMCP, but > a nice mix of SSH and audio/storage forwarding. > > The solution is simpler and more fault-tolerant, but lacks some of those > glitzy features. > > LTSP4 was XDMCP, but I'd gladly take LTSP5 over that! > > Regards, > I'm not trying to be argumentative here but is being able to change an expired password really a "glitzy feature"? How does one go about resetting a user password? The time honored tradition of setting a default password and expiring the account doesn't work. It's the little things like this that give Linux it's "hard to use" reputation.
I understand the difficulties of the approach that is used with ldm. Screen scraping is never an easy route long term. People like to change things. But, does that mean that this is going to stay broken until LTSP6 comes out? That's what it sounds like. Hence my comment on Stephane's answer to the bug. Is there any roadmap out there in regard to the plans for LTSP 6? ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
