Re: [Ltsp-discuss] Ang: Kerberos ticket upon login
On 2016-12-09, Finn Andersen wrote: > Sssd is used on the server. I'm using a fat-client, which is authenticating > the "ltsp-way" with ldm/ssh. The kerberos ticket needs to live on the local > machine running the fat-client image. The fat-client image doesn't have > sssd installed. Btw I'm using Debian Jessie for my install. Unfortunately, because of the way LDM works, I don't think it's possible to integrate with kerberos. This week, we've been actively working on LTSP6, in particular, methods for using pam and nss with a conventional display manager. It's still in the proof-of-concept phase, so not really ready for production yet, but would likely be able to resolve these kinds of issues. Since you have kerberos configured on the server, you might be able to manually configure the clients to use conventional display manager such as lightdm or gdm with the appropriate pam and nss hooks to enable kerberos. Obviously, this won't have all the LTSP features available, but may work for your needs. live well, vagrant signature.asc Description: PGP signature -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
[Ltsp-discuss] Ang: Re: Ang: Kerberos ticket upon login
Hi! Best regards from/Med vänliga hälsningar från Johan Kragsterman Capvert -Finn Andersenskrev: - Till: ltsp-discuss@lists.sourceforge.net Från: Finn Andersen Datum: 2016-12-09 10:48 Ärende: Re: [Ltsp-discuss] Ang: Kerberos ticket upon login Hmm...yes, and no. Sssd is used on the server. I'm using a fat-client, which is authenticating the "ltsp-way" with ldm/ssh. The kerberos ticket needs to live on the local machine running the fat-client image. The fat-client image doesn't have sssd installed. Btw I'm using Debian Jessie for my install. But, thanks for the tip. I'll look into mailinglist for sssd. Ok, I see. You can of coarse install/configure sssd and the clients, but the question is if it needs filesystem write access where it couldn't get it on a fat client...? That is perhaps configurable, though... /Johan Cheers, Finn Andersen On Fri, Dec 9, 2016 at 11:05 AM, Johan Kragsterman wrote: Hi! -Finn Andersen skrev: - Till: ltsp-discuss@lists.sourceforge.net Från: Finn Andersen Datum: 2016-12-09 09:56 Ärende: [Ltsp-discuss] Kerberos ticket upon login Hi! I'm almost done setting up a ltsp in our corporate environment. I use sssd/samba/kerberos to authenticate against Windows AD. Screensaver unlocking is working with kerberos. SSO with Firefox is working including corporate root ca certificate, which I thought was going to be the biggest problem. The only thing left is having a kerberos ticket created upon login. Is that something that is possible? Does anyone know how to accomplish this? PAM-magic?? Since you use sssd, it must be sssd that handles kerberos. Perhaps pam is involved, but sssd is responsible to handle the pam modules. I suggest you use the sssd mailing lists. If you are using ubuntu, though, sssd is a little bit of a mess, imho. It is much easier on fedora/rhel/centos. /Johan Thanks, Finn Andersen -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
Re: [Ltsp-discuss] Ang: Kerberos ticket upon login
Hmm...yes, and no. Sssd is used on the server. I'm using a fat-client, which is authenticating the "ltsp-way" with ldm/ssh. The kerberos ticket needs to live on the local machine running the fat-client image. The fat-client image doesn't have sssd installed. Btw I'm using Debian Jessie for my install. But, thanks for the tip. I'll look into mailinglist for sssd. Cheers, Finn Andersen On Fri, Dec 9, 2016 at 11:05 AM, Johan Kragsterman < johan.kragster...@capvert.se> wrote: > > Hi! > > > > > -Finn Andersenskrev: - > Till: ltsp-discuss@lists.sourceforge.net > Från: Finn Andersen > Datum: 2016-12-09 09:56 > Ärende: [Ltsp-discuss] Kerberos ticket upon login > > Hi! > > I'm almost done setting up a ltsp in our corporate environment. > I use sssd/samba/kerberos to authenticate against Windows AD. > > Screensaver unlocking is working with kerberos. > SSO with Firefox is working including corporate root ca certificate, which > I thought was going to be the biggest problem. > > The only thing left is having a kerberos ticket created upon login. Is > that something that is possible? Does anyone know how to accomplish this? > PAM-magic?? > > > > > Since you use sssd, it must be sssd that handles kerberos. Perhaps pam is > involved, but sssd is responsible to handle the pam modules. I suggest you > use the sssd mailing lists. If you are using ubuntu, though, sssd is a > little bit of a mess, imho. It is much easier on fedora/rhel/centos. > > /Johan > > > > > > > > > Thanks, > Finn Andersen > > > > -- > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/xeonphi > _ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > > > > > > -- > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/xeonphi > _ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
[Ltsp-discuss] Ang: Kerberos ticket upon login
Hi! -Finn Andersenskrev: - Till: ltsp-discuss@lists.sourceforge.net Från: Finn Andersen Datum: 2016-12-09 09:56 Ärende: [Ltsp-discuss] Kerberos ticket upon login Hi! I'm almost done setting up a ltsp in our corporate environment. I use sssd/samba/kerberos to authenticate against Windows AD. Screensaver unlocking is working with kerberos. SSO with Firefox is working including corporate root ca certificate, which I thought was going to be the biggest problem. The only thing left is having a kerberos ticket created upon login. Is that something that is possible? Does anyone know how to accomplish this? PAM-magic?? Since you use sssd, it must be sssd that handles kerberos. Perhaps pam is involved, but sssd is responsible to handle the pam modules. I suggest you use the sssd mailing lists. If you are using ubuntu, though, sssd is a little bit of a mess, imho. It is much easier on fedora/rhel/centos. /Johan Thanks, Finn Andersen -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
[Ltsp-discuss] Kerberos ticket upon login
Hi! I'm almost done setting up a ltsp in our corporate environment. I use sssd/samba/kerberos to authenticate against Windows AD. Screensaver unlocking is working with kerberos. SSO with Firefox is working including corporate root ca certificate, which I thought was going to be the biggest problem. The only thing left is having a kerberos ticket created upon login. Is that something that is possible? Does anyone know how to accomplish this? PAM-magic?? Thanks, Finn Andersen -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi_ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net