Re: [Ltsp-discuss] Single user account and pam mount

2009-05-11 Thread Marius Flage
Gideon Romm wrote:

 You actually want PAM to be server-side, because your home directories
 need to be created server-side.  I don't have code handy, but pam_mount
 should mount things in order as they appear in its configuration file.
 So, you should be able to say:
 
 mount a tmpfs on /tmp/$USER-tmpfs
 mount a unionfs of /tmp/$USER-tmpfs=rw:/home/golden=ro on /home/$USER
 (and have pam-mount create mountpoints)
 and tell pam-script to run before pam-mount and remove /tmp/$USER-tmpfs

Yeah, this works just perfectly if I had different user accounts. In my
setup I don't. So they all have the same home directory, so for this to
work I need a way to create virtual home directories or mount the home
directories in their own address space.

Is this possible?

- Marius

Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
  https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net


Re: [Ltsp-discuss] Single user account and pam mount

2009-05-05 Thread Gideon Romm
Marius,

You actually want PAM to be server-side, because your home directories
need to be created server-side.  I don't have code handy, but pam_mount
should mount things in order as they appear in its configuration file.
So, you should be able to say:

mount a tmpfs on /tmp/$USER-tmpfs
mount a unionfs of /tmp/$USER-tmpfs=rw:/home/golden=ro on /home/$USER
(and have pam-mount create mountpoints)
and tell pam-script to run before pam-mount and remove /tmp/$USER-tmpfs

OR do it all in pam-script.

-Gadi

On Tue, 2009-05-05 at 00:38 +0200, Marius Flage wrote:
 Gideon Romm wrote:
 
  Then, the other piece is to make a temporary homedir for each user
  account that logs in that is based upon your golden one.  Well, that can
  be done with pam_mount and unionfs.  the tmpfs overlay can either be
  something created on the fly, or it can be something static that is
  flushed upon login by a script.
 
 Yeah, that's exactly what I'm doing right now and what I want to reuse
 for the thin clients as well, but how? All pam stuff happens on the
 server side, so I need a paradigm for determining which temporary
 directory should be used for each machine (maybe based on MAC address?).
 
 Do you have some example code that would illustrate this?
 
 - Marius
 
-- 

Gideon Romm | Proud LTSP Developer
l...@symbio-technologies.com

Support LTSP!  Buy your hardware at:

www.DisklessWorkstations.com
www.DisklessThinClients.com 
 
(use coupon code: LTSP5P for 5% off thin clients from DisklessThinClients.com)
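
The mount sequence outlined in the message above, done entirely in pam-script, as an added example that is not code from the thread or from the pam-script project. It assumes one account per login, that pam-script exports PAM_USER, and that unionfs takes the dirs= option; APPLY, MODE, SCRATCH_SIZE and the /var/lib/ltsp-scratch base are hypothetical names, and the scratch area sits under a root-owned directory rather than /tmp because a predictable name in a world-writable directory can be pre-created as a symlink by any local user.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes pam-script exports PAM_USER
# and that unionfs accepts -o dirs=<branch>=rw:<branch>=ro.

GOLDEN=${GOLDEN:-/home/golden}                       # read-only template home named in the thread
HOME_BASE=${HOME_BASE:-/home}
SCRATCH_BASE=${SCRATCH_BASE:-/var/lib/ltsp-scratch}  # hypothetical root-owned directory
SCRATCH_SIZE=${SCRATCH_SIZE:-256m}                   # constructed per-session limit

# PAM_USER is typed at the login prompt, so treat it as untrusted before it
# becomes part of a path that root mounts on or removes.
valid_user() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# The scratch base must exist and must not be world-writable (as /tmp is),
# otherwise another user could plant the predictable "<user>-tmpfs" entry.
base_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        d???????w*|'') return 1 ;;
        d*) return 0 ;;
    esac
    return 1
}

# Validate the inputs, then set $scratch and $home for the caller.
resolve_paths() {
    valid_user "$1" || { echo "refusing user name" >&2; return 1; }
    base_is_private "$SCRATCH_BASE" || {
        echo "$SCRATCH_BASE must exist and not be world-writable" >&2; return 1; }
    scratch="$SCRATCH_BASE/$1-tmpfs"
    home="$HOME_BASE/$1"
    # mount(8) follows symlinks, so a symlinked mount point redirects the mount.
    if [ -L "$scratch" ] || [ -L "$home" ]; then
        echo "refusing symlinked mount point" >&2; return 1
    fi
}

# Session open: print the commands in the order the message gives them.
plan_open() {
    resolve_paths "$1" || return 1
    echo "mkdir -p $scratch $home"
    # nosuid,nodev: standard hardening flags for a user-writable tmpfs
    echo "mount -t tmpfs -o size=$SCRATCH_SIZE,mode=0700,nosuid,nodev tmpfs $scratch"
    echo "chown $1: $scratch"
    echo "mount -t unionfs -o dirs=$scratch=rw:$GOLDEN=ro unionfs $home"
}

# Session close: drop the union first, then the scratch layer under it.
plan_close() {
    resolve_paths "$1" || return 1
    echo "umount $home"
    echo "umount $scratch"
    echo "rmdir $scratch"
}

# Hook entry point: run as root with APPLY=1 and MODE=open or MODE=close.
# Off by default, so the plan can be printed and reviewed without mounting.
if [ "${APPLY:-0}" = 1 ]; then
    plan=$("plan_${MODE:-open}" "$PAM_USER") || exit 1
    printf '%s\n' "$plan" | sh -e
fi
```

Calling `plan_open ltsp20` with the defaults prints the four commands without running them, which is a convenient way to review the branch order before wiring the script into the PAM session stack.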




Re: [Ltsp-discuss] Single user account and pam mount

2009-05-04 Thread Marius Flage
Gideon Romm wrote:

 Then, the other piece is to make a temporary homedir for each user
 account that logs in that is based upon your golden one.  Well, that can
 be done with pam_mount and unionfs.  the tmpfs overlay can either be
 something created on the fly, or it can be something static that is
 flushed upon login by a script.

Yeah, that's exactly what I'm doing right now and what I want to reuse
for the thin clients as well, but how? All pam stuff happens on the
server side, so I need a paradigm for determining which temporary
directory should be used for each machine (maybe based on MAC address?).

Do you have some example code that would illustrate this?

- Marius



Re: [Ltsp-discuss] Single user account and pam mount

2009-05-01 Thread Gideon Romm
Marius,

Not sure if you are aware, but ldm these days has a Guest login
feature.  You can set usernames/passwords in lts.conf for each machine
when the Guest login button is pressed, or the user can enter their own.

This should solve teachers vs students issue.

Then, the other piece is to make a temporary homedir for each user
account that logs in that is based upon your golden one.  Well, that can
be done with pam_mount and unionfs.  the tmpfs overlay can either be
something created on the fly, or it can be something static that is
flushed upon login by a script.

HTH,

-Gadi

On Tue, 2009-04-28 at 21:26 +0200, Marius Flage wrote:
 Jordan Erickson wrote:
 
  I would propose a temporary user of sorts that pulls from the 
  skel/template you created, does a pam makehomedir or whatever it is, 
  and removes it upon logout. This way, you have separate user accounts 
  for each login, and changes can be wiped upon user logout.
 
 The immediate problem with this is how to keep control over the
 different usernames/passwords currently in use. Now it's easy just
 telling all students to use student/student to log in. If we have to
 inform them to use random usernames/passwords, then it'll quickly become
 a user administration nightmare. But maybe you meant some other way of
 creating the accounts..?
 
 It needs to be simple and predictable.
 
 - Marius
 
-- 

Gideon Romm | Proud LTSP Developer
l...@symbio-technologies.com

Support LTSP!  Buy your hardware at:

www.DisklessWorkstations.com
www.DisklessThinClients.com 
 
(use coupon code: LTSP5P for 5% off thin clients from DisklessThinClients.com)




Re: [Ltsp-discuss] Single user account and pam mount

2009-04-29 Thread Vagrant Cascadian
On Tue, Apr 28, 2009 at 09:26:40PM +0200, Marius Flage wrote:
 Jordan Erickson wrote:
  I would propose a temporary user of sorts that pulls from the 
  skel/template you created, does a pam makehomedir or whatever it is, 
  and removes it upon logout. This way, you have separate user accounts 
  for each login, and changes can be wiped upon user logout.
 
 The immediate problem with this is how to keep control over the
 different usernames/passwords currently in use. Now it's easy just
 telling all students to use student/student to log in. If we have to
 inform them to use random usernames/passwords, then it'll quickly become
 a user administration nightmare. But maybe you meant some other way of
 creating the accounts..?
 
 It needs to be simple and predictable.

if you set LDM_GUESTLOGIN=True in lts.conf, there will be a button to click on
that will automatically login with the hostname of the thin client, which
should default user/password based on the ip address to ltsp20, ltsp21, ...
ltsp255 for most setups without DNS on the thin-client network.

a few related configuration options should be described here:

  http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspDocumentationUpstream

that doesn't handle account and homedir creation, but at least gives you a
simple and predictable user/passwd login. then you could experiment with some
sort of skeleton home dir for users. the problem of course, is if there is
user-specific data in the skeleton directory.

good luck!

live well,
  vagrant



Re: [Ltsp-discuss] Single user account and pam mount

2009-04-29 Thread jam
On Wednesday 29 April 2009 15:53:20 ltsp-discuss-requ...@lists.sourceforge.net 
wrote:
  I would propose a temporary user of sorts that pulls from the
  skel/template you created, does a pam makehomedir or whatever it is,
  and removes it upon logout. This way, you have separate user accounts
  for each login, and changes can be wiped upon user logout.

 The immediate problem with this is how to keep control over the
 different usernames/passwords currently in use. Now it's easy just
 telling all students to use student/student to log in. If we have to
 inform them to use random usernames/passwords, then it'll quickly become
 a user administration nightmare. But maybe you meant some other way of
 creating the accounts..?

 It needs to be simple and predictable.

How about (and this is very easy to automate) every year or every term 
whatever

Remove all learn-users
Add a list that you create every period
eg list
jonny.c
susy.q
etc
what ever scheme you choose

Tag the comment field with #a tag
that helps you manage them

We do that for our customers. perl was a friend.
Admin overhead is creation of a unique list periodically (my plebs can use 
nano easily) and a Create-script and you want a Reset-script. Object achieved 
without drama. Read and heed Scott's message

Every user logs in as their name and with the password you choose in your 
scheme eg passwd per class per school whatever

James



[Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread Marius Flage
Hi there

I've asked this question a couple of times on the IRC channel and mostly
just gotten friendly abuse for having such a bad design as to only use
one user account. So instead I ask this question here, where I can
properly outline the reason why only one user account and also explain
the other design decisions.

I'm the system administrator for a school with students aged 6 to 14.
The computers in our network are mostly used for working in applications
like OpenOffice.org and retrieving resources off the web. We have quite
a few machines spread out throughout the school, and a couple of
computer labs where we have some permanent installations. In these labs
I've set up fat clients with Ubuntu Jaunty. For simplicity and ease of
user management (the school has no permanent IT personnel to handle
day-to-day maintenance), we only use one shared account for all students.

The implication of this design is that we have to make sure that
changes done by one of the students won't get replicated to the home
directory. The way I've accomplished this is by using unionfs. Unionfs
lets me combine two (or more?) directories into one (as outlined in [1]
- the only change here is that I'm using a directory under /tmp instead
of tmpfs). So upon login of a specific user pam mount creates a unionfs
with the read-only home directory and a writable temporary directory,
thus fooling the environment into believing it has a writable home
directory - so that all applications work as expected. When logged off
or rebooted the unionfs is unmounted and all changes gone.

Since this configuration is individual to each computer, we have also
set up one computer without this setup, so the teachers can log on and
make any necessary changes to the /homem directory for the students
(like changing the start page in firefox or setting a new default font
and so on).

We're quite happy with this setup and it works well for our needs. It
also means we only have to maintain one user account and one home
directory. We also effectively lock down the environment, giving every
student exactly the same look-and-feel, which is crucial for the IT courses.

That was the introduction, now for my question. I want to replicate this
setup to work for LTSP clients. The building blocks for this setup are
basically pam mount for the automatic mounting of file systems and
volumes whenever a user logs on, and some place on the server to point
the writable directory to. One user on IRC says that all the pam stuff
happens server side, so I guess this would be a limiting factor here?

Does anyone have any input here? Or maybe some other way to accomplish
the same? And please don't let the one user account design be the
focus of the responses ;)

- Marius

[1] http://www.debian-administration.org/articles/586



Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread Jordan Erickson
Marius,

I concur with this type of setup, though my thinking is that having a 
single user account with multiple simultaneous logins isn't a very good 
idea since multiple things are happening at the same time, which might 
confuse the server/PAM/applications. I might be wrong, but it just seems 
like a bad design choice for your goal.

I would propose a temporary user of sorts that pulls from the 
skel/template you created, does a pam makehomedir or whatever it is, 
and removes it upon logout. This way, you have separate user accounts 
for each login, and changes can be wiped upon user logout.

A colleague and I are in the planning stages for something like this 
that we want to incorporate into our new Ubuntu LTSP/Linux web config 
utility (don't ask about it yet, as it's in the very beginning stages, 
just started dev yesterday) which will give dynamic, temporary user 
accounts that aren't persistent, yet handle simultaneous logins in a 
sane way. Maybe we can provide better feedback once this portion of it 
is developed. In the meantime, I think your idea is great, and see many 
use cases for it - it shouldn't be shunned, it should be explored, 
developed and secured appropriately.


Cheers,
Jordan/Lns


Marius Flage wrote:
 Hi there

 I've asked this question a couple of times on the IRC channel and mostly
 just gotten friendly abuse for having such a bad design as to only use
 one user account. So instead I ask this question here, where I can
 properly outline the reason why only one user account and also explain
 the other design decisions.

 I'm the system administrator for a school with students aged 6 to 14.
 The computers in our network are mostly used for working in applications
 like OpenOffice.org and retrieving resources off the web. We have quite
 a few machines spread out throughout the school, and a couple of
 computer labs where we have some permanent installations. In these labs
 I've set up fat clients with Ubuntu Jaunty. For simplicity and ease of
 user management (the school has no permanent IT personnel to handle
 day-to-day maintenance), we only use one shared account for all students.

 The implication of this design is that we have to make sure that
 changes done by one of the students won't get replicated to the home
 directory. The way I've accomplished this is by using unionfs. Unionfs
 lets me combine two (or more?) directories into one (as outlined in [1]
 - the only change here is that I'm using a directory under /tmp instead
 of tmpfs). So upon login of a specific user pam mount creates a unionfs
 with the read-only home directory and a writable temporary directory,
 thus fooling the environment into believing it has a writable home
 directory - so that all applications work as expected. When logged off
 or rebooted the unionfs is unmounted and all changes gone.

 Since this configuration is individual to each computer, we have also
 set up one computer without this setup, so the teachers can log on and
 make any necessary changes to the /homem directory for the students
 (like changing the start page in firefox or setting a new default font
 and so on).

 We're quite happy with this setup and it works well for our needs. It
 also means we only have to maintain one user account and one home
 directory. We also effectively lock down the environment, giving every
 student exactly the same look-and-feel, which is crucial for the IT courses.

 That was the introduction, now for my question. I want to replicate this
 setup to work for LTSP clients. The building blocks for this setup are
 basically pam mount for the automatic mounting of file systems and
 volumes whenever a user logs on, and some place on the server to point
 the writable directory to. One user on IRC says that all the pam stuff
 happens server side, so I guess this would be a limiting factor here?

 Does anyone have any input here? Or maybe some other way to accomplish
 the same? And please don't let the one user account design be the
 focus of the responses ;)

 - Marius

 [1] http://www.debian-administration.org/articles/586



-- 
Jordan Erickson
Owner, Logical Networking Solutions
http://www.logicalnetworking.net
707-636-5678

Latest LNS Blogs - http://blog.logicalnetworking.net


Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread Marius Flage
Jordan Erickson wrote:

 I would propose a temporary user of sorts that pulls from the 
 skel/template you created, does a pam makehomedir or whatever it is, 
 and removes it upon logout. This way, you have separate user accounts 
 for each login, and changes can be wiped upon user logout.

The immediate problem with this is how to keep control over the
different usernames/passwords currently in use. Now it's easy just
telling all students to use student/student to log in. If we have to
inform them to use random usernames/passwords, then it'll quickly become
a user administration nightmare. But maybe you meant some other way of
creating the accounts..?

It needs to be simple and predictable.

- Marius



Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread Scott Balneaves
On Tue, Apr 28, 2009 at 12:03:52PM -0700, Jordan Erickson wrote:
 ... it shouldn't be shunned, it should be explored, 
 developed and secured appropriately.

There are many, many, MANY problems with this idea:

1) Most programs: gnome, firefox, openoffice.org, etc., all have configs that
they constantly write to and update.  Having a shared, common area on a server
is either going to require some very special fancy footwork involving private
namespace homedir mounts, or creating per-instance homedirs and mounting them
via unionfs, as the person before noted.  What you gain in having to manage
only one account, you lose in increased complexity of managing the
environment, as well as an increased chance of something going wrong with
this setup.  As you say, these are things that could be developed around.
However:

2) Bad Student figures out he can break into the school mark system/finds an
open proxy to view RedTube videos/harasses fellow student with racial
slurs/pick your scenario.  *EVEN IF* you figured out some way to identify the
135 currently logged in as student to the one who's actually causing the
trouble, good luck trying to prove it beyond a reasonable doubt to a
technically illiterate Principal/School Trustee/Judge and/or Jury.  Oh, and
you say you developed this system yourself?  Could you please provide
*incontrovertible* proof that you've CORRECTLY identified little Yimmy here as
the bad guy?  And speak slow: I don't understand all this computer
mumbo-jumbo.

All this having been said, I suspect that either pam-mount, or, probably more
succinctly, pam-script (since you'd really want to do more than just mount: you
also want to create the tmp area, etc.) would probably be the way to go.

pam-script can be found at: http://sourceforge.net/projects/pam-script/

Hope this helps.

Scott

-- 
Scott L. Balneaves | An honest tale speeds best being plainly told.
Systems Department | -- William Shakespeare, Henry VI
Legal Aid Manitoba | 



Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread marius
Scott Balneaves wrote:

 All this having been said, I suspect that either pam-mount, or, probably more
 succinctly, pam-script (since you'd really want to do more than just mount: you
 also want to create the tmp area, etc.) would probably be the way to go.
 
 pam-script can be found at: http://sourceforge.net/projects/pam-script/

Yeah, it's pam mount I'm using for the fat clients. But my problem now
is exactly the creation of the tmp area. Since I don't want the thin
clients to have hard drives and I don't want to create a tmpfs for this
usage, I have to create directories on the server to be used for the tmp
area. So then I need a little script to create the tmp area based on ip
or something.

But is this at all possible? And if I want to do this in a LTSP area,
where should I put the pam stuff? In the chroot for the thin clients or
on the server? Can you provide some framework examples for how this can
be accomplished in practice?

Thanks a lot!

- Marius



Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread Andreas J Guelzow
On Tue, 2009-04-28 at 23:30 +0200, mar...@flage.org wrote:
 Scott Balneaves wrote:
 
  All this having been said, I suspect that either pam-mount, or, probably more
  succinctly, pam-script (since you'd really want to do more than just mount: you
  also want to create the tmp area, etc.) would probably be the way to go.
  
  pam-script can be found at: http://sourceforge.net/projects/pam-script/
 
 Yeah, it's pam mount I'm using for the fat clients. But my problem now
 is exactly the creation of the tmp area. Since I don't want the thin
 clients to have hard drives and I don't want to create a tmpfs for this
 usage, I have to create directories on the server to be used for the tmp
 area. So then I need a little script to create the tmp area based on ip
 or something.
 
 But is this at all possible? And if I want to do this in a LTSP area,
 where should I put the pam stuff? In the chroot for the thin clients or
 on the server? Can you provide some framework examples for how this can
 be accomplished in practice?
 
 Thanks a lot!

Wouldn't this all become much simpler if you had a separate user account
for each thinclient (and a label on each monitor giving the
username/password combination)?

To avoid problems of students using the name/pwd pair of another station
you could restrict each user account to only be able to login from that
thin client.

Andreas
-- 
Andreas J. Guelzow
Concordia University College of Alberta




Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread vagrant
On Tue, Apr 28, 2009 at 09:26:40PM +0200, Marius Flage wrote:
 Jordan Erickson wrote:
  I would propose a temporary user of sorts that pulls
  from the skel/template you created, does a pam
  makehomedir or whatever it is, and removes it upon
  logout. This way, you have separate user accounts  for
  each login, and changes can be wiped upon user logout.

 The immediate problem with this is how to keep control
 over the different usernames/passwords currently in use.
 Now it's easy just telling all students to use
 student/student to log in. If we have to inform them to
 use random usernames/passwords, then it'll quickly become
 a user administration nightmare. But maybe you meant some
 other way of creating the accounts..?

 It needs to be simple and predictable.

if you set LDM_GUESTLOGIN=True in lts.conf, there will be a
button to click on that will automatically login with the
hostname of the thin client, which should default
user/password based on the ip address to ltsp20, ltsp21, ...
ltsp255 for most setups without DNS on the thin-client
network.

a few related configuration options should be described
here:

  http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspDocumentationUpstream

that doesn't handle account and homedir creation, but at
least gives you a simple and predictable user/passwd login.
then you could experiment with some sort of skeleton home
dir for users. the problem of course, is if there is
user-specific data in the skeleton directory.

good luck!

live well,
  vagrant




Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread Steve Cayford
mar...@flage.org wrote:
 Scott Balneaves wrote:
 
 All this having been said, I suspect that either pam-mount, or, probably more
 succinctly, pam-script (since you'd really want to do more than just mount: you
 also want to create the tmp area, etc.) would probably be the way to go.

 pam-script can be found at: http://sourceforge.net/projects/pam-script/
 
 Yeah, it's pam mount I'm using for the fat clients. But my problem now
 is exactly the creation of the tmp area. Since I don't want the thin
 clients to have hard drives and I don't want to create a tmpfs for this
 usage, I have to create directories on the server to be used for the tmp
 area. So then I need a little script to create the tmp area based on ip
 or something.
 
 But is this at all possible? And if I want to do this in a LTSP area,
 where should I put the pam stuff? In the chroot for the thin clients or
 on the server? Can you provide some framework examples for how this can
 be accomplished in practice?
 

Unless you're running local applications on the thin clients, all the
authentication stuff happens on the server. There wouldn't seem to be
any point to putting anything in the chroot.

-Steve



Re: [Ltsp-discuss] Single user account and pam mount

2009-04-28 Thread jam
On Wednesday 29 April 2009 03:04:17 ltsp-discuss-requ...@lists.sourceforge.net 
wrote:
[snip]

 For simplicity and ease of
 user management (the school has no permanent IT personnel to handle
 day-to-day maintenance), we only use one shared account for all students.

 The implication of this design is that we have to make sure that
 changes done by one of the students won't get replicated to the home
 directory. The way I've accomplished this is by using unionfs. Unionfs
 lets me combine two (or more?) directories into one (as outlined in [1]

{snip}

The fundamental unix paradigm has no problem with multiple logins (all the 
same) but every (not really, but ...) modern app is hell bent on enforcing 
that you don't do so.

You will never win, the system will always beat you. Your solution is really 
not a clever one, especially as you do not have IT staff, when you leave or 
get got by a bus kidding or just as time passes you leave a legacy of 
heartache. Instead of the message being How wonderful Linux bla bla you get 
How dreadful, nothing ever worked ... just to satisfy YOUR need for a single 
user account.

The abuse you got on IRC is really the experience of wiser men saying This 
will cause bloody knees ... The alternative is simpler to implement, and 
really do trust those who advise you to not do this. You've no idea ...
James
