[K12OSN] LTSP 5/code to bypass encryption of X

Fri Jun 22 19:20:58 UTC 2007

Just to add a few notes (sorry I dont keep up with the list as much as I
used to):

The autologin features with that revised ldm work like this:

1.  'REAL' USERS:
  a.  You can specify a username with LDM_USERNAME=bob  (where the
username is "bob").  (of course, you probably want to put this in a
specified workstation section, so that all of your thin clients don't
login as 'bob'.  ;)
  b.  You can then specify bob's password with LDM_PASSWORD=password  
2.  'GUEST' USERS:
  a.  LDM_USERNAME supports the use of executing a command to return the
username.  So, you can create a bunch of user accounts on your server
where the username is the hostname of the thin client.  Then, put in the
[Default] section, LDM_USERNAME="hostname|"  (Note the pipe (|) at the
end).  This tells it to execute the hostname command on the client and
use the result for the username.
  b.  create a common password for all users and set
LDM_PASSWORD=password  OR  create an ssh key pair, and put the private
key in /opt/ltsp/i386/root/.ssh/id_dsa  and the public key somehwere on
the server, say /etc/ssh/id_dsa.pub.  and then, in every user account,
create a symlink between /home/<user>/.ssh/authorized_keys
-> /etc/ssh/id_dsa.pub

NOTE:  autologin is by definition insecure.  Be careful when you use it.
I just hope this patch his useful to those who do not care about
security for certain systems.

-Gadi

On Wed, 2007-06-20 at 09:31 -0500, Jim Kronebusch wrote:
> Hello all,  I met with Gideon Romm at our North Central Linux Symposium.  He has been
> working on modifications to the code for ldm to allow the bypass of X being encrypted
> over ssh.  He has also added functionality to be able to use autologin.  You can
> download the modified ldm from here:
> 
> http://codebrowse.launchpad.net/~gideon/ltsp/gadi-ldm-mods-ltsp/download/gadi%40ltsp.org-20070521205254-ek710bofdpdtlwlz/x_Matt_Zimmerman_%3Cmatt.zimmerman%40canonical.com%3E_Tue_Jun__7_19%3A59%3A49_2005_32192.0/ldm
> 
> Replace your current "/opt/ltsp/i386/usr/sbin/ldm" with the new file (you may want to
> backup your current ldm just to be safe).  The in "/opt/ltsp/i386/etc/lts.conf" add the
> following line:
> 
> LDM_DIRECTX=True
> 
> You will now be able to run without X being encrypted, which in theory should allow LTSP
> 5 to run at the same speed as LTSP 4.2.  Bootup times and logout times will still be
> slower, but once booted things should zoom along.  So far my tests show that this works
> awesome!  I am still waiting for my new clients to really give this a go.
> 
> If you would like to use autologin features you simply need to add the following line to
> lts.conf:
> 
> LDM_USERNAME=hostname
> 
> Apparently this lets you use the same user=workstation method that worked in LTSP 4.2. 
> You will still need to setup ssh keys OR create the same password for each user and
> specify LDM_PASSWORD="mypassword" (in lts.conf).  You also need to specify workstation
> names in dhcpd.conf so that workstations do not all have the same hostname (I am not
> sure if this is able to be done with the /etc/hosts file as well).
> 
> Anyhow this hacked ldm should allow LTSP 5 to finally be usable in larger installations
> instead of hanging on to LTSP 4.2.  Also I guess that Scott Balneaves has rewritten some
> of the python startup files in C, which should clear up some boot time problems in the
> next Gutsy release.
> 
> Jim Kronebusch
> Cotter Tech Department
> 453-5188
> 
> 
-- 
--------------------------------------------------------
Gideon Romm | Proud LTSP Developer
ltsp at symbio-technologies.com

Support LTSP!  Buy your hardware at:

        www.DisklessWorkstations.com
        www.DisklessThinClients.com 

(use coupon code: LTSP5P for 5% off thin clients from DisklessThinClients.com)