On 12-09-21 07:28 PM, James McQuillan wrote: > Scott Balneaves has spent quite a bit of time PAM-ifing the login > manager to facilitate password expiration. it's not ready for production > use yet but he's made some great progress. > > Many of the LTSP developers will be getting together at the dev > conference starting on Oct 4th. I'm sure both password changing and the > roadmap for LTSP-6 will be high on the agenda. > > Jim McQuillan > j...@ltsp.org
Right, that was the reason for my response on the Launchpad bug. Ubuntu introduced RDP support into lightdm this cycle, so my hope is to switch to Scott's libnss-ssh and libpam-ssh and kill ldm for good at this upcoming hackfest. I think that if I can spend a good 5-6 hours on the problem, we should have something that's "functional" at the hackfest (where functional, means getting a greeter and being able to login). > On Fri, Sep 21, 2012 at 6:16 PM, Stile <stil...@gmail.com > <mailto:stil...@gmail.com>> wrote: > > > On Fri, Sep 21, 2012 at 2:32 PM, Vagrant Cascadian > <vagr...@freegeek.org <mailto:vagr...@freegeek.org>> > > wrote: > >> > >> On Thu, Sep 20, 2012 at 07:52:40PM -0400, Stile wrote: > >> > I'm in the process of trying to set up a LTSP server on Ubuntu > 12.04. > >> > I've run into a bit of a problem. Ldm does not work for password > >> > expiration. An expired password cannot be updated with ldm. It > simply > >> > restarts. > >> > >> This is a long-standing and difficult problem... > >> > >> > >> > I filed a bug at https://bugs.launchpad.net/ltsp/+bug/1053447 > and It > >> > seems Ubuntu doesn't want anything to do with it. I find that a bit > >> > disturbing. > >> > >> That seems like a strange interpretation. Stéphane Graber > described our > >> plans > >> for the future and suggested a possible workaround using a pre-login > >> script. > >> > >> It's essentially unfixable given how LDM works- we would have to > rewrite > >> LDM > >> because the ssh prompts for password expiration are inconsistant, and > >> there's > >> no predictible way across different versions of ssh, different > versions of > >> pam, > >> different distros, different configurations of the aforementioned... > >> there's no > >> way to screen-scrape all permutations. So "wontfix" is an > appropriate tag. > >> > >> For LTSP6 we're looking to use libpam-sshauth, which should be > able to > >> handle > >> this properly. It's a non-trivial task; Help would be appreciated. > >> > >> > >> > This server is going in an environment that has to maintain PCI > >> > compliance. Part of complying with that standard is 90 day password > >> > changes. Without the ability to update a users password, ltsp on a > >> > 12.04 server is worthless in our case. > >> > > >> > There has to be other environments that require password expiration > >> > out there. How is anyone getting around this? > >> > >> There are numerous workarounds- you could write an ldm hook that > checks > >> for > >> password expiry, you could send people an email when their > password is > >> about to > >> expire. > >> > >> I've basically just dealt with the fact that I need to manually reset > >> people's > >> passwords once in a while. > >> > >> > >> So, there are some workarounds, there are some future plans for > how to > >> resolve > >> this issue, but nothing comes easy. > >> > >> Good luck! > >> > >> > >> live well, > >> vagrant > >> > >> > On Fri, Sep 21, 2012 at 2:39 PM, Jay Goldberg > <jaymgoldb...@gmail.com <mailto:jaymgoldb...@gmail.com>> wrote: > > What he said ;-). > > > > From what I understand, LDM is not a "real" DM, as it doesn't use > XDMCP, but > > a nice mix of SSH and audio/storage forwarding. > > > > The solution is simpler and more fault-tolerant, but lacks some of > those > > glitzy features. > > > > LTSP4 was XDMCP, but I'd gladly take LTSP5 over that! > > > > Regards, > > > I'm not trying to be argumentative here but is being able to change an > expired password really a "glitzy feature"? How does one go about > resetting a user password? The time honored tradition of setting a > default password and expiring the account doesn't work. It's the > little things like this that give Linux it's "hard to use" reputation. > > I understand the difficulties of the approach that is used with ldm. > Screen scraping is never an easy route long term. People like to > change things. But, does that mean that this is going to stay broken > until LTSP6 comes out? That's what it sounds like. Hence my comment on > Stephane's answer to the bug. > > Is there any roadmap out there in regard to the plans for LTSP 6? > > > ------------------------------------------------------------------------------ > Got visibility? > Most devs has no idea what their production app looks like. > Find out how fast your code is with AppDynamics Lite. > http://ad.doubleclick.net/clk;262219671;13503038;y? > http://info.appdynamics.com/FreeJavaPerformanceDownload.html > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > <http://irc.freenode.net> > > > > > ------------------------------------------------------------------------------ > Got visibility? > Most devs has no idea what their production app looks like. > Find out how fast your code is with AppDynamics Lite. > http://ad.doubleclick.net/clk;262219671;13503038;y? > http://info.appdynamics.com/FreeJavaPerformanceDownload.html > > > > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ How fast is your code? 3 out of 4 devs don\\\'t know how their code performs in production. Find out how slow your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219672;13503038;z? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
