X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/df7c21195c9e9fe3362fbfc257414fed6a37e00a..d394728b6e1462d5f3ffd5d124516f4fe20d561f:/blog/archive/2010/05/05.rss?ds=sidebyside diff --git a/blog/archive/2010/05/05.rss b/blog/archive/2010/05/05.rss index 1c3a0fb3a6..ded51ceb1e 100644 --- a/blog/archive/2010/05/05.rss +++ b/blog/archive/2010/05/05.rss @@ -239,5 +239,128 @@ list of usertagged bugs related to this</a>.</p> + + Pieces of the roaming laptop puzzle in Debian + http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html + http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html + Wed, 19 May 2010 19:00:00 +0200 + +<p>Today, the last piece of the puzzle for roaming laptops in Debian +Edu finally entered the Debian archive. Today, the new +<a href="http://packages.qa.debian.org/libp/libpam-mklocaluser.html">libpam-mklocaluser</a> +package was accepted. Two days ago, two other pieces was accepted +into unstable. The +<a href="http://packages.qa.debian.org/p/pam-python.html">pam-python</a> +package needed by libpam-mklocaluser, and the +<a href="http://packages.qa.debian.org/s/sssd.html">sssd</a> package +passed NEW on Monday. In addition, the +<a href="http://packages.qa.debian.org/libp/libpam-ccreds.html">libpam-ccreds</a> +package we need is in experimental (version 10-4) since Saturday, and +hopefully will be moved to unstable soon.</p> + +<p>This collection of packages allow for two different setups for +roaming laptops. The traditional setup would be using libpam-ccreds, +nscd and libpam-mklocaluser with LDAP or Kerberos authentication, +which should work out of the box if the configuration changes proposed +for nscd in <a href="http://bugs.debian.org/485282">BTS report +#485282</a> is implemented. The alternative setup is to use sssd with +libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take +care of the caching of passwords and group information.</p> + +<p>I have so far been unable to get sssd to work with the LDAP server +at the University, but suspect the issue is some SSL/GnuTLS related +problem with the server certificate. I plan to update the Debian +package to version 1.2, which is scheduled for next week, and hope to +find time to make sure the next release will include both the +Debian/Ubuntu specific patches. Upstream is friendly and responsive, +and I am sure we will find a good solution.</p> + +<p>The idea is to set up the roaming laptops to authenticate using +LDAP or Kerberos and create a local user with home directory in /home/ +when a usre in LDAP logs in via KDM or GDM for the first time, and +cache the password for offline checking, as well as caching group +memberhips and other relevant LDAP information. The +libpam-mklocaluser package was created to make sure the local home +directory is in /home/, instead of /site/server/directory/ which would +be the home directory if pam_mkhomedir was used. To avoid confusion +with support requests and configuration, we do not want local laptops +to have users in a path that is used for the same users home directory +on the home directory servers.</p> + +<p>One annoying problem with gdm is that it do not show the PAM +message passed to the user from libpam-mklocaluser when the local user +is created. Instead gdm simply reject the login with some generic +message. The message is shown in kdm, ssh and login, so I guess it is +a bug in gdm. Have not investigated if there is some other message +type that can be used instead to get gdm to also show the message.</p> + +<p>If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.</p> + + + + + Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten + http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html + http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html + Fri, 21 May 2010 16:00:00 +0200 + +<p>For en stund tilbake kjøpte jeg en magnetkortleser for å kunne +titte på hva som er skrevet inn på magnetstripene til ulike kort. Har +ikke hatt tid til å analysere mange kort så langt, men tenkte jeg +skulle dele innholdet på to kort med mine lesere.</p> + +<p>For noen dager siden tok jeg flyet til Harstad og Hurtigruten til +Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med +magnetstripe. Påtrykket finner jeg følgende informasjon:</p> + +<pre> +Flytoget Airport Express Train + +Fra - Til : Oslo Sentralstasjon +Kategori : Voksen +Pris : Nok 170,00 +Herav mva. 8,00% : NOK 12,59 +Betaling : Kontant +Til - Fra : Oslo Lufthavn +Utstedt: : 08.05.10 +Gyldig Fra-Til : 08.05.10-07.11.10 +Billetttype : Enkeltbillett + +102-1015-100508-48382-01-08 +</pre> + +<p>På selve magnetstripen er innholdet +<tt>;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?</tt>. +Aner ikke hva innholdet representerer, og det er lite overlapp mellom +det jeg ser trykket på billetten og det jeg ser av tegn i +magnetstripen. Håper det betyr at de bruker kryptografiske metoder +for å gjøre det vanskelig å forfalske billetter.</p> + +<p>Den andre billetten er fra hurtigruta, der jeg mistenker at +strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert +fall den biten vi stakk inn i dørlåsen).</p> + +<p>Påtrykket forsiden er følgende:</p> + +<pre> +Romnummer 727 +Hurtigruten +Midnatsol +Reinholdtsen +Petter +Bookingno: SAX69 0742193 +Harstad-Bergen +Dep: 09.05.2010 Arr: 12.05.2010 +Lugar fra Risøyhamn +Kost: FRO=4 +</pre> + +<p>På selve magnetstripen er innholdet +<tt>;1316010007421930=00000000000000000000?+E?</tt>. Heller ikke her +ser jeg mye korrespondanse mellom påtrykk og magnetstripe.</p> + + +