<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Togsatsing på norsk, mot sykkel</title>
+ <link>http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</guid>
+ <pubDate>Wed, 2 Jun 2010 23:45:00 +0200</pubDate>
+ <description>
+<p>Det står dårlig til med toget når en finner på å la det
+<a href="http://www.aftenposten.no/nyheter/iriks/article3677060.ece">kappkjøre
+med sykkel</a>... Jeg tror det trengs strukturendringer for å få
+fikset på togproblemene i Norge.</p>
+
+<p>Mon tro hva toglinje mellom Narvik og Tromsø ville hatt slags
+effekt på området der?</p>
+</description>
+ </item>
+
+ <item>
+ <title>KDM fail at boot with NVidia cards - and no one try to fix it?</title>
+ <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</guid>
+ <pubDate>Tue, 1 Jun 2010 17:05:00 +0200</pubDate>
+ <description>
+<p>It is strange to watch how a bug in Debian causing KDM to fail to
+start at boot when an NVidia video card is used is handled. The
+problem seem to be that the nvidia X.org driver uses a long time to
+initialize, and this duration is longer than kdm is configured to
+wait.</p>
+
+<p>I came across two bugs related to this issue,
+<a href="http://bugs.debian.org/583312">#583312</a> initially filed
+against initscripts and passed on to nvidia-glx when it became obvious
+that the nvidia drivers were involved, and
+<a href="http://bugs.debian.org/524751">#524751</a> initially filed against
+kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.</p>
+
+<p>To me, it seem that no-one is interested in actually solving the
+problem nvidia video card owners experience and make sure the Debian
+distribution work out of the box for these users. The nvidia driver
+maintainers expect kdm to be set up to wait longer, while kdm expect
+the nvidia driver maintainers to fix the driver to start faster, and
+while they wait for each other I guess the users end up switching to a
+distribution that work for them. I have no idea what the solution is,
+but I am pretty sure that waiting for each other is not it.</p>
+
+<p>I wonder why we end up handling bugs this way.</p>
+</description>
+ </item>
+
<item>
<title>Parallellized boot seem to hold up well in Debian/testing</title>
<link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</link>
the BTS, please usertag the report to get it to show up at
<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
list of usertagged bugs related to this</a>.</p>
+
+<p>Update: Correct bug number to file-rc issue.</p>
</description>
</item>
</description>
</item>
- <item>
- <title>Forcing new users to change their password on first login</title>
- <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</guid>
- <pubDate>Sun, 2 May 2010 13:47:00 +0200</pubDate>
- <description>
-<p>One interesting feature in Active Directory, is the ability to
-create a new user with an expired password, and thus force the user to
-change the password on the first login attempt.</p>
-
-<p>I'm not quite sure how to do that with the LDAP setup in Debian
-Edu, but did some initial testing with a local account. The account
-and password aging information is available in /etc/shadow, but
-unfortunately, it is not possible to specify an expiration time for
-passwords, only a maximum age for passwords.</p>
-
-<p>A freshly created account (using adduser test) will have these
-settings in /etc/shadow:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -l test
-Last password change : May 02, 2010
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 99999
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>The only way I could come up with to create a user with an expired
-account, is to change the date of the last password change to the
-lowest value possible (January 1th 1970), and the maximum password age
-to the difference in days between that date and today. To make it
-simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
-avoid testing if 0 is a valid value).</p>
-
-<p>After using these commands to set it up, it seem to work as
-intended:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change : Jan 02, 1970
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 10950
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>So far I have tested this with ssh and console, and kdm (in
-Squeeze) login, and all ask for a new password before login in the
-user (with ssh, I was thrown out and had to log in again).</p>
-
-<p>Perhaps we should set up something similar for Debian Edu, to make
-sure only the user itself have the account password?</p>
-
-<p>If you want to comment on or help out with implementing this for
-Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
-shadow(8) page in Debian/testing now state that setting the date of
-last password change to zero (0) will force the password to be changed
-on the first login. This was not mentioned in the manual in Lenny, so
-I did not notice this in my initial testing. I have tested it on
-Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
-tested it on Lenny yet.</p>
-
-<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
-equivalent command to expire a password is '<tt>passwd -e
-username</tt>', which insert zero into the date of the last password
-change.</p>
-</description>
- </item>
-
- <item>
- <title>Thoughts on roaming laptop setup for Debian Edu</title>
- <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</guid>
- <pubDate>Wed, 28 Apr 2010 20:40:00 +0200</pubDate>
- <description>
-<p>For some years now, I have wondered how we should handle laptops in
-Debian Edu. The Debian Edu infrastructure is mostly designed to
-handle stationary computers, and less suited for computers that come
-and go.</p>
-
-<p>Now I finally believe I have an sensible idea on how to adjust
-Debian Edu for laptops, by introducing a new profile for them, for
-example called Roaming Workstations. Here are my thought on this.
-The setup would consist of the following:</p>
-
-<ul>
-
- <li>During installation, the user name of the owner / primary user of
- the laptop is requested and a local home directory is set up for
- the user, with uid and gid information fetched from the LDAP
- server. This allow the user to work also when offline. The
- central home directory can be available in a subdirectory on
- request, for example mounted via CIFS. It could be mounted
- automatically when a user log in while on the Debian Edu network,
- and unmounted when the machine is taken away (network down,
- hibernate, etc), it can be set up to do automatic mounting on
- request (using autofs), or perhaps some GUI button on the desktop
- can be used to access it when needed. Perhaps it is enough to use
- the fish protocol in KDE?</li>
-
- <li>Password checking is set up to use LDAP or Kerberos
- authentication when the machine is on the Debian Edu network, and
- to cache the password for offline checking when the machine unable
- to reach the LDAP or Kerberos server. This can be done using
- <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
- or the Fedora developed
- <a href="https://fedoraproject.org/wiki/Features/SSSD">System
- Security Services Daemon</a> packages.</li>
-
- <li>File synchronisation with the central home directory is set up
- using a shared directory in both the local and the central home
- directory, using unison.</li>
-
- <li>Printing should be set up to print to all printers broadcasting
- their existence on the local network, and should then work out of
- the box with CUPS. For sites needing accurate printer quotas, some
- system with Kerberos authentication or printing via ssh could be
- implemented.</li>
-
- <li>For users that should have local root access to their laptop,
- sudo should be used to allow this to the local user.</li>
-
- <li>It would be nice if user and group information from LDAP is
- cached on the client, but given that there are entries for the
- local user and primary group in /etc/, it should not be needed.</li>
-
-</ul>
-
-<p>I believe all the pieces to implement this are in Debian/testing at
-the moment. If we work quickly, we should be able to get this ready
-in time for the Squeeze release to freeze. Some of the pieces need
-tweaking, like libpam-ccreds should get support for pam-auth-update
-(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
-perhaps debian-edu-config) should get some integration code to stop
-its daemon when the LDAP server is unavailable to avoid long timeouts
-when disconnected from the net. If we get Kerberos enabled, we need
-to make sure we avoid long timeouts there too.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
-</description>
- </item>
-
</channel>
</rss>
projects / homepage.git / blobdiff