pere.pagekite.me Git - homepage.git/blob - blog/archive/2010/05/05.rss
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
3 <channel>
4 <title>Petter Reinholdtsen - Entries from May 2010</title>
5 <description>Entries from May 2010</description>
6 <link>http://people.skolelinux.org/pere/blog/</link>
7
8
9 <item>
10 <title>Forcing new users to change their password on first login</title>
11 <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</link>
12 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</guid>
13 <pubDate>Sun, 2 May 2010 13:47:00 +0200</pubDate>
14 <description>
15 &lt;p&gt;One interesting feature in Active Directory is the ability to
16 create a new user with an expired password, and thus force the user to
17 change the password on the first login attempt.&lt;/p&gt;
18
19 &lt;p&gt;I&#39;m not quite sure how to do that with the LDAP setup in Debian
20 Edu, but did some initial testing with a local account. The account
21 and password aging information is available in /etc/shadow, but
22 unfortunately, it is not possible to specify an expiration time for
23 passwords, only a maximum age for passwords.&lt;/p&gt;
24
25 &lt;p&gt;A freshly created account (using adduser test) will have these
26 settings in /etc/shadow:&lt;/p&gt;
27
28 &lt;blockquote&gt;&lt;pre&gt;
29 root@tjener:~# chage -l test
30 Last password change : May 02, 2010
31 Password expires : never
32 Password inactive : never
33 Account expires : never
34 Minimum number of days between password change : 0
35 Maximum number of days between password change : 99999
36 Number of days of warning before password expires : 7
37 root@tjener:~#
38 &lt;/pre&gt;&lt;/blockquote&gt;
39
40 &lt;p&gt;The only way I could come up with to create a user with an expired
41 account, is to change the date of the last password change to the
42 lowest value possible (January 1st 1970), and the maximum password age
43 to the difference in days between that date and today. To make it
44 simple, I went for 30 years (30 * 365 = 10950) and January 2nd (to
45 avoid testing if 0 is a valid value).&lt;/p&gt;
46
47 &lt;p&gt;After using these commands to set it up, it seems to work as
48 intended:&lt;/p&gt;
49
50 &lt;blockquote&gt;&lt;pre&gt;
51 root@tjener:~# chage -d 1 test; chage -M 10950 test
52 root@tjener:~# chage -l test
53 Last password change : Jan 02, 1970
54 Password expires : never
55 Password inactive : never
56 Account expires : never
57 Minimum number of days between password change : 0
58 Maximum number of days between password change : 10950
59 Number of days of warning before password expires : 7
60 root@tjener:~#
61 &lt;/pre&gt;&lt;/blockquote&gt;
62
63 &lt;p&gt;So far I have tested this with ssh and console, and kdm (in
64 Squeeze) login, and all ask for a new password before logging in the
65 user (with ssh, I was thrown out and had to log in again).&lt;/p&gt;
66
67 &lt;p&gt;Perhaps we should set up something similar for Debian Edu, to make
68 sure only the user itself has the account password?&lt;/p&gt;
69
70 &lt;p&gt;If you want to comment on or help out with implementing this for
71 Debian Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
72
73 &lt;p&gt;Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
74 shadow(8) page in Debian/testing now states that setting the date of
75 last password change to zero (0) will force the password to be changed
76 on the first login. This was not mentioned in the manual in Lenny, so
77 I did not notice this in my initial testing. I have tested it on
78 Squeeze, and &#39;&lt;tt&gt;chage -d 0 username&lt;/tt&gt;&#39; does work there. I have not
79 tested it on Lenny yet.&lt;/p&gt;
80
81 &lt;p&gt;Update 2010-05-02-19:05: Jim Paris tells me via email that an
82 equivalent command to expire a password is &#39;&lt;tt&gt;passwd -e
83 username&lt;/tt&gt;&#39;, which inserts zero into the date of the last password
84 change.&lt;/p&gt;
85 </description>
86 </item>
87
88 <item>
89 <title>Parallellizing the boot in Debian Squeeze - ready for wider testing</title>
90 <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</link>
91 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</guid>
92 <pubDate>Thu, 6 May 2010 23:25:00 +0200</pubDate>
93 <description>
94 &lt;p&gt;These days, the init.d script dependencies in Squeeze are quite
95 complete, so complete that it is actually possible to run all the
96 init.d scripts in parallel based on these dependencies. If you want
97 to test your Squeeze system, make sure
98 &lt;a href=&quot;http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot&quot;&gt;dependency
99 based boot sequencing&lt;/a&gt; is enabled, and add this line to
100 /etc/default/rcS:&lt;/p&gt;
101
102 &lt;blockquote&gt;&lt;pre&gt;
103 CONCURRENCY=makefile
104 &lt;/pre&gt;&lt;/blockquote&gt;
105
106 &lt;p&gt;That is it. It will cause sysv-rc to use the startpar tool to run
107 scripts in parallel using the dependency information stored in
108 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
109 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
110 to try to start the kdm and gdm scripts as early as possible, and will
111 start the facilities required by kdm or gdm as early as possible to
112 make this happen.&lt;/p&gt;
113
114 &lt;p&gt;Give it a try, and see if you like the result. If some services
115 fail to start properly, it is most likely because they have incomplete
116 init.d script dependencies in their startup script (or some of their
117 dependent scripts have incomplete dependencies). Report bugs and get
118 the package maintainers to fix it. :)&lt;/p&gt;
119
120 &lt;p&gt;Running scripts in parallel could be the default in Debian when we
121 manage to get the init.d script dependencies complete and correct. I
122 expect we will get there in Squeeze+1, if we manage to test and
123 fix the remaining issues.&lt;/p&gt;
124
125 &lt;p&gt;If you report any problems with dependencies in init.d scripts to
126 the BTS, please usertag the report to get it to show up at
127 &lt;a href=&quot;http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org&quot;&gt;the
128 list of usertagged bugs related to this&lt;/a&gt;.&lt;/p&gt;
129 </description>
130 </item>
131
132 <item>
133 <title>systemd, an interesting alternative to upstart</title>
134 <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</link>
135 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</guid>
136 <pubDate>Thu, 13 May 2010 22:20:00 +0200</pubDate>
137 <description>
138 &lt;p&gt;The last few days a new boot system called
139 &lt;a href=&quot;http://www.freedesktop.org/wiki/Software/systemd&quot;&gt;systemd&lt;/a&gt;
140 has been
141 &lt;a href=&quot;http://0pointer.de/blog/projects/systemd.html&quot;&gt;introduced&lt;/a&gt;
142
143 to the free software world. I have not yet had time to play around
144 with it, but it seems to be a very interesting alternative to
145 &lt;a href=&quot;http://upstart.ubuntu.com/&quot;&gt;upstart&lt;/a&gt;, and might prove to be
146 a good alternative for Debian when we are able to switch to an event
147 based boot system. Tollef is
148 &lt;a href=&quot;http://bugs.debian.org/580814&quot;&gt;in the process&lt;/a&gt; of getting
149 systemd into Debian, and I look forward to seeing how well it works. I
150 like the fact that systemd handles init.d scripts with dependency
151 information natively, allowing them to run in parallel where upstart
152 at the moment does not.&lt;/p&gt;
153
154 &lt;p&gt;Unfortunately, systemd has the same problem as upstart regarding
155 platform support. It only works on recent Linux kernels, and also needs
156 some new kernel features enabled to function properly. This means
157 kFreeBSD and Hurd ports of Debian will need a port or a different boot
158 system. Not sure how that will be handled if systemd proves to be the
159 way forward.&lt;/p&gt;
160
161 &lt;p&gt;In the meantime, based on the
162 &lt;a href=&quot;http://lists.debian.org/debian-devel/2010/05/msg00122.html&quot;&gt;input
163 on debian-devel@&lt;/a&gt; regarding parallel booting in Debian, I have
164 decided to enable full parallel booting as the default in Debian as
165 soon as possible (probably this weekend or early next week), to see if
166 there are any remaining serious bugs in the init.d dependencies. A
167 new version of the sysvinit package implementing this change is
168 already in experimental. If all goes well, Squeeze will be released
169 with parallel booting enabled by default.&lt;/p&gt;
170 </description>
171 </item>
172
173 <item>
174 <title>Sitesummary tip: Listing MAC address of all clients</title>
175 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</link>
176 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</guid>
177 <pubDate>Fri, 14 May 2010 21:10:00 +0200</pubDate>
178 <description>
179 &lt;p&gt;In the recent Debian Edu versions, the
180 &lt;a href=&quot;http://wiki.debian.org/DebianEdu/HowTo/SiteSummary&quot;&gt;sitesummary
181 system&lt;/a&gt; is used to keep track of the machines in the school
182 network. Each machine will automatically report its status to the
183 central server after boot and once per night. The network setup is
184 also reported, and using this information it is possible to get the
185 MAC address of all network interfaces in the machines. This is useful
186 to update the DHCP configuration.&lt;/p&gt;
187
188 &lt;p&gt;To give some idea how to use sitesummary, here is a one-liner to
189 list all MAC addresses of all machines reporting to sitesummary. Run
190 this on the collector host:&lt;/p&gt;
191
192 &lt;blockquote&gt;&lt;pre&gt;
193 perl -MSiteSummary -e &#39;for_all_hosts(sub { print join(&quot; &quot;, get_macaddresses(shift)), &quot;\n&quot;; });&#39;
194 &lt;/pre&gt;&lt;/blockquote&gt;
195
196 &lt;p&gt;This will list all MAC addresses associated with all machines, one
197 line per machine and with space between the MAC addresses.&lt;/p&gt;
198
199 &lt;p&gt;To give system administrators an easier job adding static DHCP
200 addresses for hosts, it would be possible to extend this to fetch
201 machine information from sitesummary and update the DHCP and DNS
202 tables in LDAP using this information. Such a tool is unfortunately not
203 written yet.&lt;/p&gt;
204 </description>
205 </item>
206
207 <item>
208 <title>Parallellized boot is now the default in Debian/unstable</title>
209 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</link>
210 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</guid>
211 <pubDate>Fri, 14 May 2010 22:40:00 +0200</pubDate>
212 <description>
213 &lt;p&gt;Since this evening, parallel booting is the default in
214 Debian/unstable for machines using dependency based boot sequencing.
215 Apparently the testing of concurrent booting has been wider than
216 expected, if I am to believe the
217 &lt;a href=&quot;http://lists.debian.org/debian-devel/2010/05/msg00122.html&quot;&gt;input
218 on debian-devel@&lt;/a&gt;, and I concluded a few days ago to move forward
219 with the feature this weekend, to give us some time to detect any
220 remaining problems before Squeeze is frozen. If serious problems are
221 detected, it is simple to change the default back to sequential boot.
222 The upload of the new sysvinit package also activates a new upstream
223 version.&lt;/p&gt;
224
225 &lt;p&gt;More information about
226 &lt;a href=&quot;http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot&quot;&gt;dependency
227 based boot sequencing&lt;/a&gt; is available from the Debian wiki. It is
228 currently possible to disable parallel booting when one runs into
229 problems caused by it, by adding this line to /etc/default/rcS:&lt;/p&gt;
230
231 &lt;blockquote&gt;&lt;pre&gt;
232 CONCURRENCY=none
233 &lt;/pre&gt;&lt;/blockquote&gt;
234
235 &lt;p&gt;If you report any problems with dependencies in init.d scripts to
236 the BTS, please usertag the report to get it to show up at
237 &lt;a href=&quot;http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org&quot;&gt;the
238 list of usertagged bugs related to this&lt;/a&gt;.&lt;/p&gt;
239 </description>
240 </item>
241
242 </channel>
243 </rss>