[K12OSN] LTSP 5/code to bypass encryption of X
Gideon Romm
ltsp at symbio-technologies.com
Fri Jun 22 19:20:58 UTC 2007
Just to add a few notes (sorry I don't keep up with the list as much as I
used to):

The autologin features with that revised ldm work like this:

1. 'REAL' USERS:
   a. You can specify a username with LDM_USERNAME=bob (where the
      username is "bob"). (Of course, you probably want to put this in a
      specified workstation section, so that all of your thin clients don't
      log in as 'bob'. ;)
   b. You can then specify bob's password with LDM_PASSWORD=password

2. 'GUEST' USERS:
   a. LDM_USERNAME supports the use of executing a command to return the
      username. So, you can create a bunch of user accounts on your server
      where the username is the hostname of the thin client. Then, put in the
      [Default] section, LDM_USERNAME="hostname|" (Note the pipe (|) at the
      end). This tells it to execute the hostname command on the client and
      use the result for the username.
   b. Create a common password for all users and set
      LDM_PASSWORD=password OR create an ssh key pair, and put the private
      key in /opt/ltsp/i386/root/.ssh/id_dsa and the public key somewhere on
      the server, say /etc/ssh/id_dsa.pub, and then, in every user account,
      create a symlink between /home/<user>/.ssh/authorized_keys
      -> /etc/ssh/id_dsa.pub

NOTE: autologin is by definition insecure. Be careful when you use it.
I just hope this patch is useful to those who do not care about
security for certain systems.

-Gadi
On Wed, 2007-06-20 at 09:31 -0500, Jim Kronebusch wrote:
> Hello all, I met with Gideon Romm at our North Central Linux Symposium. He has been
> working on modifications to the code for ldm to allow the bypass of X being encrypted
> over ssh. He has also added functionality to be able to use autologin. You can
> download the modified ldm from here:
>
> http://codebrowse.launchpad.net/~gideon/ltsp/gadi-ldm-mods-ltsp/download/gadi%40ltsp.org-20070521205254-ek710bofdpdtlwlz/x_Matt_Zimmerman_%3Cmatt.zimmerman%40canonical.com%3E_Tue_Jun__7_19%3A59%3A49_2005_32192.0/ldm
>
> Replace your current "/opt/ltsp/i386/usr/sbin/ldm" with the new file (you may want to
> back up your current ldm just to be safe). Then in "/opt/ltsp/i386/etc/lts.conf" add the
> following line:
>
> LDM_DIRECTX=True
>
> You will now be able to run without X being encrypted, which in theory should allow LTSP
> 5 to run at the same speed as LTSP 4.2. Bootup times and logout times will still be
> slower, but once booted things should zoom along. So far my tests show that this works
> awesome! I am still waiting for my new clients to really give this a go.
>
> If you would like to use autologin features you simply need to add the following line to
> lts.conf:
>
> LDM_USERNAME=hostname
>
> Apparently this lets you use the same user=workstation method that worked in LTSP 4.2.
> You will still need to set up ssh keys OR create the same password for each user and
> specify LDM_PASSWORD="mypassword" (in lts.conf). You also need to specify workstation
> names in dhcpd.conf so that workstations do not all have the same hostname (I am not
> sure if this is able to be done with the /etc/hosts file as well).
>
> Anyhow this hacked ldm should allow LTSP 5 to finally be usable in larger installations
> instead of hanging on to LTSP 4.2. Also I guess that Scott Balneaves has rewritten some
> of the python startup files in C, which should clear up some boot time problems in the
> next Gutsy release.
>
> Jim Kronebusch
> Cotter Tech Department
> 453-5188
>
>
--
--------------------------------------------------------
Gideon Romm | Proud LTSP Developer
ltsp at symbio-technologies.com
Support LTSP! Buy your hardware at:
www.DisklessWorkstations.com
www.DisklessThinClients.com
(use coupon code: LTSP5P for 5% off thin clients from DisklessThinClients.com)
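
Added example (not part of the original post and not LTSP code): a small
Python audit that reads an lts.conf and reports, per section, the LDM
settings discussed in this thread that weaken security. It assumes [Default]
values apply to every workstation section unless overridden; the sample
config, MAC-style section names and the name audit_lts_conf are constructed
for illustration.

```python
import configparser

# Constructed sample lts.conf (placeholder values, not from the thread).
SAMPLE_LTS_CONF = """\
[Default]
LDM_DIRECTX=True
LDM_USERNAME="hostname|"

[00:11:22:33:44:55]
LDM_USERNAME=bob
LDM_PASSWORD=password

[00:11:22:33:44:66]
SOUND=True
"""

def audit_lts_conf(text):
    """Return (section, key, finding) tuples for risky LDM settings."""
    cp = configparser.RawConfigParser(
        delimiters=("=",), default_section="__unused__", strict=False)
    cp.optionxform = str.upper          # treat option names case-insensitively
    cp.read_string(text)

    def clean(section):                 # strip whitespace and optional quotes
        return {k: v.strip().strip("\"'") for k, v in cp.items(section)}

    default = next((s for s in cp.sections() if s.lower() == "default"), None)
    defaults = clean(default) if default else {}
    findings = []
    for section in cp.sections():
        # Assumption: workstation sections inherit [Default] and may override it.
        eff = {**defaults, **clean(section)}
        if eff.get("LDM_DIRECTX", "").lower() == "true":
            findings.append((section, "LDM_DIRECTX",
                             "X traffic bypasses the ssh tunnel (unencrypted)"))
        user = eff.get("LDM_USERNAME", "")
        if user.endswith("|"):          # trailing pipe: run command on client
            findings.append((section, "LDM_USERNAME",
                             "autologin, username from client command " + repr(user[:-1])))
        elif user:
            findings.append((section, "LDM_USERNAME",
                             "autologin as fixed user " + repr(user)))
        if eff.get("LDM_PASSWORD"):     # never echo the password itself
            findings.append((section, "LDM_PASSWORD",
                             "plaintext password stored in lts.conf"))
    return findings

if __name__ == "__main__":
    for section, key, finding in audit_lts_conf(SAMPLE_LTS_CONF):
        print(f"[{section}] {key}: {finding}")
```

Run it against the real file by passing the contents of
/opt/ltsp/i386/etc/lts.conf to audit_lts_conf().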