date:20161209

Re: [Ltsp-discuss] Ang: Kerberos ticket upon login

2016-12-09 Thread Vagrant Cascadian

On 2016-12-09, Finn Andersen wrote:
> Sssd is used on the server. I'm using a fat-client, which is authenticating
> the "ltsp-way" with ldm/ssh. The kerberos ticket needs to live on the local
> machine running the fat-client image. The fat-client image doesn't have
> sssd installed. Btw I'm using Debian Jessie for my install.

Unfortunately, because of the way LDM works, I don't think it's possible
to integrate with kerberos.

This week, we've been actively working on LTSP6, in particular, methods
for using pam and nss with a conventional display manager. It's still in
the proof-of-concept phase, so not really ready for production yet, but
would likely be able to resolve these kinds of issues.

Since you have kerberos configured on the server, you might be able to
manually configure the clients to use conventional display manager such
as lightdm or gdm with the appropriate pam and nss hooks to enable
kerberos. Obviously, this won't have all the LTSP features available,
but may work for your needs.

live well,
  vagrant

signature.asc
Description: PGP signature
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

[Ltsp-discuss] Ang: Re: Ang: Kerberos ticket upon login

2016-12-09 Thread Johan Kragsterman


Hi!



Best regards from/Med vänliga hälsningar från

Johan Kragsterman

Capvert


-Finn Andersen  skrev: -
Till: ltsp-discuss@lists.sourceforge.net
Från: Finn Andersen 
Datum: 2016-12-09 10:48
Ärende: Re: [Ltsp-discuss] Ang: Kerberos ticket upon login

Hmm...yes, and no. 
Sssd is used on the server. I'm using a fat-client, which is authenticating the 
"ltsp-way" with ldm/ssh. The kerberos ticket needs to live on the local machine 
running the fat-client image. The fat-client image doesn't have sssd installed. 
Btw I'm using Debian Jessie for my install.

But, thanks for the tip. I'll look into mailinglist for sssd.






Ok, I see. You can of coarse install/configure sssd and the clients, but the 
question is if it needs filesystem write access where it couldn't get it on a 
fat client...? That is perhaps configurable, though...


/Johan






Cheers,
Finn Andersen


On Fri, Dec 9, 2016 at 11:05 AM, Johan Kragsterman 
 wrote:

Hi!




-Finn Andersen  skrev: -
Till: ltsp-discuss@lists.sourceforge.net
Från: Finn Andersen 
Datum: 2016-12-09 09:56
Ärende: [Ltsp-discuss] Kerberos ticket upon login

Hi!

I'm almost done setting up a ltsp in our corporate environment.
I use sssd/samba/kerberos to authenticate against Windows AD.

Screensaver unlocking is working with kerberos.
SSO with Firefox is working including corporate root ca certificate, which I 
thought was going to be the biggest problem.

The only thing left is having a kerberos ticket created upon login. Is that 
something that is possible? Does anyone know how to accomplish this? PAM-magic??




Since you use sssd, it must be sssd that handles kerberos. Perhaps pam is 
involved, but sssd is responsible to handle the pam modules. I suggest you use 
the sssd mailing lists. If you are using ubuntu, though, sssd is a little bit 
of a mess, imho. It is much easier on fedora/rhel/centos.

/Johan








Thanks,
Finn Andersen


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net




--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net




--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Re: [Ltsp-discuss] Ang: Kerberos ticket upon login

2016-12-09 Thread Finn Andersen

Hmm...yes, and no.
Sssd is used on the server. I'm using a fat-client, which is authenticating
the "ltsp-way" with ldm/ssh. The kerberos ticket needs to live on the local
machine running the fat-client image. The fat-client image doesn't have
sssd installed. Btw I'm using Debian Jessie for my install.

But, thanks for the tip. I'll look into mailinglist for sssd.


Cheers,
Finn Andersen


On Fri, Dec 9, 2016 at 11:05 AM, Johan Kragsterman <
johan.kragster...@capvert.se> wrote:

>
> Hi!
>
>
>
>
> -Finn Andersen  skrev: -
> Till: ltsp-discuss@lists.sourceforge.net
> Från: Finn Andersen 
> Datum: 2016-12-09 09:56
> Ärende: [Ltsp-discuss] Kerberos ticket upon login
>
> Hi!
>
> I'm almost done setting up a ltsp in our corporate environment.
> I use sssd/samba/kerberos to authenticate against Windows AD.
>
> Screensaver unlocking is working with kerberos.
> SSO with Firefox is working including corporate root ca certificate, which
> I thought was going to be the biggest problem.
>
> The only thing left is having a kerberos ticket created upon login. Is
> that something that is possible? Does anyone know how to accomplish this?
> PAM-magic??
>
>
>
>
> Since you use sssd, it must be sssd that handles kerberos. Perhaps pam is
> involved, but sssd is responsible to handle the pam modules. I suggest you
> use the sssd mailing lists. If you are using ubuntu, though, sssd is a
> little bit of a mess, imho. It is much easier on fedora/rhel/centos.
>
> /Johan
>
>
>
>
>
>
>
>
> Thanks,
> Finn Andersen
>
>
> 
> --
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today.http://sdm.link/xeonphi
> _
> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>   https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>
>
>
>
> 
> --
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today.http://sdm.link/xeonphi
> _
> Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
>   https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help,   try #ltsp channel on irc.freenode.net
>
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

[Ltsp-discuss] Ang: Kerberos ticket upon login

2016-12-09 Thread Johan Kragsterman


Hi!




-Finn Andersen  skrev: -
Till: ltsp-discuss@lists.sourceforge.net
Från: Finn Andersen 
Datum: 2016-12-09 09:56
Ärende: [Ltsp-discuss] Kerberos ticket upon login

Hi!

I'm almost done setting up a ltsp in our corporate environment.
I use sssd/samba/kerberos to authenticate against Windows AD.

Screensaver unlocking is working with kerberos.
SSO with Firefox is working including corporate root ca certificate, which I 
thought was going to be the biggest problem.

The only thing left is having a kerberos ticket created upon login. Is that 
something that is possible? Does anyone know how to accomplish this? PAM-magic??




Since you use sssd, it must be sssd that handles kerberos. Perhaps pam is 
involved, but sssd is responsible to handle the pam modules. I suggest you use 
the sssd mailing lists. If you are using ubuntu, though, sssd is a little bit 
of a mess, imho. It is much easier on fedora/rhel/centos.

/Johan








Thanks,
Finn Andersen


--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net




--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

[Ltsp-discuss] Kerberos ticket upon login

2016-12-09 Thread Finn Andersen

Hi!

I'm almost done setting up a ltsp in our corporate environment.
I use sssd/samba/kerberos to authenticate against Windows AD.

Screensaver unlocking is working with kerberos.
SSO with Firefox is working including corporate root ca certificate, which
I thought was going to be the biggest problem.

The only thing left is having a kerberos ticket created upon login. Is that
something that is possible? Does anyone know how to accomplish this?
PAM-magic??


Thanks,
Finn Andersen
--
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi_
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

Re: [Ltsp-discuss] Ang: Kerberos ticket upon login

[Ltsp-discuss] Ang: Re: Ang: Kerberos ticket upon login

Re: [Ltsp-discuss] Ang: Kerberos ticket upon login

[Ltsp-discuss] Ang: Kerberos ticket upon login

[Ltsp-discuss] Kerberos ticket upon login

5 matches

Site Navigation

Mail list logo

Footer information