1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Parallellized boot seem to hold up well in Debian/testing
</title>
11 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</guid>
13 <pubDate>Thu,
27 May
2010 23:
55:
00 +
0200</pubDate>
15 <p
>A few days ago, parallel booting was enabled in Debian/testing.
16 The feature seem to hold up pretty well, but three fairly serious
17 issues are known and should be solved:
21 <li
>The wicd package seen to
22 <a href=
"http://bugs.debian.org/
508289">break NFS mounting and
23 <a href=
"http://bugs.debian.org/
581586">network setup
</A
> when
24 parallel booting is enabled. No idea why, but the wicd maintainer
25 seem to be on the case.
</li
>
27 <li
>The nvidia X driver seem to
28 <a href=
"http://bugs.debian.org/
583312">have a race condition
</a
>
29 triggered more easily when parallel booting is in effect. The
30 maintainer is on the case.
</li
>
32 <li
>The sysv-rc package fail to properly enable dependency based boot
33 sequencing (the shutdown is broken) when old file-rc users
34 <a href=
"http://bugs.debian.org/
550425">try to switch back
</a
> to
35 sysv-rc. One way to solve it would be for file-rc to create
36 /etc/init.d/.legacy-bootordering, and another is to try to make
37 sysv-rc more robust. Will investigate some more and probably upload a
38 workaround in sysv-rc to help those trying to move from file-rc to
39 sysv-rc get a working shutdown.
</li
>
43 <p
>All in all not many surprising issues, and all of them seem
44 solvable before Squeeze is released. In addition to these there are
45 some packages with bugs in their dependencies and run level settings,
46 which I expect will be fixed in a reasonable time span.
</p
>
48 <p
>If you report any problems with dependencies in init.d scripts to
49 the BTS, please usertag the report to get it to show up at
50 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
51 list of usertagged bugs related to this
</a
>.
</p
>
56 <title>More flexible firmware handling in debian-installer
</title>
57 <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</link>
58 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</guid>
59 <pubDate>Sat,
22 May
2010 21:
30:
00 +
0200</pubDate>
61 <p
>After a long break from debian-installer development, I finally
62 found time today to return to the project. Having to spend less time
63 working dependency based boot in debian, as it is almost complete now,
64 definitely helped freeing some time.
</p
>
66 <p
>A while back, I ran into a problem while working on Debian Edu. We
67 include some firmware packages on the Debian Edu CDs, those needed to
68 get disk and network controllers working. Without having these
69 firmware packages available during installation, it is impossible to
70 install Debian Edu on the given machine, and because our target group
71 are non-technical people, asking them to provide firmware packages on
72 an external medium is a support pain. Initially, I expected it to be
73 enough to include the firmware packages on the CD to get
74 debian-installer to find and use them. This proved to be wrong.
75 Next, I hoped it was enough to symlink the relevant firmware packages
76 to some useful location on the CD (tried /cdrom/ and
77 /cdrom/firmware/). This also proved to not work, and at this point I
78 found time to look at the debian-installer code to figure out what was
79 going to work.
</p
>
81 <p
>The firmware loading code is in the hw-detect package, and a closer
82 look revealed that it would only look for firmware packages outside
83 the installation media, so the CD was never checked for firmware
84 packages. It would only check USB sticks, floppies and other
85 "external
" media devices. Today I changed it to also look in the
86 /cdrom/firmware/ directory on the mounted CD or DVD, which should
87 solve the problem I ran into with Debian edu. I also changed it to
88 look in /firmware/, to make sure the installer also find firmware
89 provided in the initrd when booting the installer via PXE, to allow us
90 to provide the same feature in the PXE setup included in Debian
93 <p
>To make sure firmware deb packages with a license questions are not
94 activated without asking if the license is accepted, I extended
95 hw-detect to look for preinst scripts in the firmware packages, and
96 run these before activating the firmware during installation. The
97 license question is asked using debconf in the preinst, so this should
98 solve the issue for the firmware packages I have looked at so far.
</p
>
100 <p
>If you want to discuss the details of these features, please
101 contact us on debian-boot@lists.debian.org.
</p
>
106 <title>Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten
</title>
107 <link>http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
</link>
108 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
</guid>
109 <pubDate>Fri,
21 May
2010 16:
00:
00 +
0200</pubDate>
111 <p
>For en stund tilbake kjøpte jeg en magnetkortleser for å kunne
112 titte på hva som er skrevet inn på magnetstripene til ulike kort. Har
113 ikke hatt tid til å analysere mange kort så langt, men tenkte jeg
114 skulle dele innholdet på to kort med mine lesere.
</p
>
116 <p
>For noen dager siden tok jeg flyet til Harstad og Hurtigruten til
117 Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med
118 magnetstripe. Påtrykket finner jeg følgende informasjon:
</p
>
121 Flytoget Airport Express Train
123 Fra - Til : Oslo Sentralstasjon
126 Herav mva.
8,
00% : NOK
12,
59
128 Til - Fra : Oslo Lufthavn
130 Gyldig Fra-Til :
08.05.10-
07.11.10
131 Billetttype : Enkeltbillett
133 102-
1015-
100508-
48382-
01-
08
136 <p
>På selve magnetstripen er innholdet
137 <tt
>;E?+
900120011=
23250996541068112619257138248441708433322932704083389389062603279671261502492655?
</tt
>.
138 Aner ikke hva innholdet representerer, og det er lite overlapp mellom
139 det jeg ser trykket på billetten og det jeg ser av tegn i
140 magnetstripen. Håper det betyr at de bruker kryptografiske metoder
141 for å gjøre det vanskelig å forfalske billetter.
</p
>
143 <p
>Den andre billetten er fra Hurtigruten, der jeg mistenker at
144 strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert
145 fall den biten vi stakk inn i dørlåsen).
</p
>
147 <p
>Påtrykket forsiden er følgende:
</p
>
155 Bookingno: SAX69
0742193
157 Dep:
09.05.2010 Arr:
12.05.2010
162 <p
>På selve magnetstripen er innholdet
163 <tt
>;
1316010007421930=
00000000000000000000?+E?
</tt
>. Heller ikke her
164 ser jeg mye korrespondanse mellom påtrykk og magnetstripe.
</p
>
169 <title>Pieces of the roaming laptop puzzle in Debian
</title>
170 <link>http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html
</link>
171 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html
</guid>
172 <pubDate>Wed,
19 May
2010 19:
00:
00 +
0200</pubDate>
174 <p
>Today, the last piece of the puzzle for roaming laptops in Debian
175 Edu finally entered the Debian archive. Today, the new
176 <a href=
"http://packages.qa.debian.org/libp/libpam-mklocaluser.html
">libpam-mklocaluser
</a
>
177 package was accepted. Two days ago, two other pieces was accepted
179 <a href=
"http://packages.qa.debian.org/p/pam-python.html
">pam-python
</a
>
180 package needed by libpam-mklocaluser, and the
181 <a href=
"http://packages.qa.debian.org/s/sssd.html
">sssd
</a
> package
182 passed NEW on Monday. In addition, the
183 <a href=
"http://packages.qa.debian.org/libp/libpam-ccreds.html
">libpam-ccreds
</a
>
184 package we need is in experimental (version
10-
4) since Saturday, and
185 hopefully will be moved to unstable soon.
</p
>
187 <p
>This collection of packages allow for two different setups for
188 roaming laptops. The traditional setup would be using libpam-ccreds,
189 nscd and libpam-mklocaluser with LDAP or Kerberos authentication,
190 which should work out of the box if the configuration changes proposed
191 for nscd in
<a href=
"http://bugs.debian.org/
485282">BTS report
192 #
485282</a
> is implemented. The alternative setup is to use sssd with
193 libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take
194 care of the caching of passwords and group information.
</p
>
196 <p
>I have so far been unable to get sssd to work with the LDAP server
197 at the University, but suspect the issue is some SSL/GnuTLS related
198 problem with the server certificate. I plan to update the Debian
199 package to version
1.2, which is scheduled for next week, and hope to
200 find time to make sure the next release will include both the
201 Debian/Ubuntu specific patches. Upstream is friendly and responsive,
202 and I am sure we will find a good solution.
</p
>
204 <p
>The idea is to set up the roaming laptops to authenticate using
205 LDAP or Kerberos and create a local user with home directory in /home/
206 when a usre in LDAP logs in via KDM or GDM for the first time, and
207 cache the password for offline checking, as well as caching group
208 memberhips and other relevant LDAP information. The
209 libpam-mklocaluser package was created to make sure the local home
210 directory is in /home/, instead of /site/server/directory/ which would
211 be the home directory if pam_mkhomedir was used. To avoid confusion
212 with support requests and configuration, we do not want local laptops
213 to have users in a path that is used for the same users home directory
214 on the home directory servers.
</p
>
216 <p
>One annoying problem with gdm is that it do not show the PAM
217 message passed to the user from libpam-mklocaluser when the local user
218 is created. Instead gdm simply reject the login with some generic
219 message. The message is shown in kdm, ssh and login, so I guess it is
220 a bug in gdm. Have not investigated if there is some other message
221 type that can be used instead to get gdm to also show the message.
</p
>
223 <p
>If you want to help out with implementing this for Debian Edu,
224 please contact us on debian-edu@lists.debian.org.
</p
>
229 <title>Parallellized boot is now the default in Debian/unstable
</title>
230 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</link>
231 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</guid>
232 <pubDate>Fri,
14 May
2010 22:
40:
00 +
0200</pubDate>
234 <p
>Since this evening, parallel booting is the default in
235 Debian/unstable for machines using dependency based boot sequencing.
236 Apparently the testing of concurrent booting has been wider than
237 expected, if I am to believe the
238 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
239 on debian-devel@
</a
>, and I concluded a few days ago to move forward
240 with the feature this weekend, to give us some time to detect any
241 remaining problems before Squeeze is frozen. If serious problems are
242 detected, it is simple to change the default back to sequential boot.
243 The upload of the new sysvinit package also activate a new upstream
246 More information about
247 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
248 based boot sequencing
</a
> is available from the Debian wiki. It is
249 currently possible to disable parallel booting when one run into
250 problems caused by it, by adding this line to /etc/default/rcS:
</p
>
252 <blockquote
><pre
>
254 </pre
></blockquote
>
256 <p
>If you report any problems with dependencies in init.d scripts to
257 the BTS, please usertag the report to get it to show up at
258 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
259 list of usertagged bugs related to this
</a
>.
</p
>
264 <title>Sitesummary tip: Listing MAC address of all clients
</title>
265 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</link>
266 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</guid>
267 <pubDate>Fri,
14 May
2010 21:
10:
00 +
0200</pubDate>
269 <p
>In the recent Debian Edu versions, the
270 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">sitesummary
271 system
</a
> is used to keep track of the machines in the school
272 network. Each machine will automatically report its status to the
273 central server after boot and once per night. The network setup is
274 also reported, and using this information it is possible to get the
275 MAC address of all network interfaces in the machines. This is useful
276 to update the DHCP configuration.
</p
>
278 <p
>To give some idea how to use sitesummary, here is a one-liner to
279 ist all MAC addresses of all machines reporting to sitesummary. Run
280 this on the collector host:
</p
>
282 <blockquote
><pre
>
283 perl -MSiteSummary -e
'for_all_hosts(sub { print join(
" ", get_macaddresses(shift)),
"\n
"; });
'
284 </pre
></blockquote
>
286 <p
>This will list all MAC addresses assosiated with all machine, one
287 line per machine and with space between the MAC addresses.
</p
>
289 <p
>To allow system administrators easier job at adding static DHCP
290 addresses for hosts, it would be possible to extend this to fetch
291 machine information from sitesummary and update the DHCP and DNS
292 tables in LDAP using this information. Such tool is unfortunately not
293 written yet.
</p
>
298 <title>systemd, an interesting alternative to upstart
</title>
299 <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</link>
300 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</guid>
301 <pubDate>Thu,
13 May
2010 22:
20:
00 +
0200</pubDate>
303 <p
>The last few days a new boot system called
304 <a href=
"http://www.freedesktop.org/wiki/Software/systemd
">systemd
</a
>
306 <a href=
"http://
0pointer.de/blog/projects/systemd.html
">introduced
</a
>
308 to the free software world. I have not yet had time to play around
309 with it, but it seem to be a very interesting alternative to
310 <a href=
"http://upstart.ubuntu.com/
">upstart
</a
>, and might prove to be
311 a good alternative for Debian when we are able to switch to an event
312 based boot system. Tollef is
313 <a href=
"http://bugs.debian.org/
580814">in the process
</a
> of getting
314 systemd into Debian, and I look forward to seeing how well it work. I
315 like the fact that systemd handles init.d scripts with dependency
316 information natively, allowing them to run in parallel where upstart
317 at the moment do not.
</p
>
319 <p
>Unfortunately do systemd have the same problem as upstart regarding
320 platform support. It only work on recent Linux kernels, and also need
321 some new kernel features enabled to function properly. This means
322 kFreeBSD and Hurd ports of Debian will need a port or a different boot
323 system. Not sure how that will be handled if systemd proves to be the
324 way forward.
</p
>
326 <p
>In the mean time, based on the
327 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
328 on debian-devel@
</a
> regarding parallel booting in Debian, I have
329 decided to enable full parallel booting as the default in Debian as
330 soon as possible (probably this weekend or early next week), to see if
331 there are any remaining serious bugs in the init.d dependencies. A
332 new version of the sysvinit package implementing this change is
333 already in experimental. If all go well, Squeeze will be released
334 with parallel booting enabled by default.
</p
>
339 <title>Parallellizing the boot in Debian Squeeze - ready for wider testing
</title>
340 <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</link>
341 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</guid>
342 <pubDate>Thu,
6 May
2010 23:
25:
00 +
0200</pubDate>
344 <p
>These days, the init.d script dependencies in Squeeze are quite
345 complete, so complete that it is actually possible to run all the
346 init.d scripts in parallell based on these dependencies. If you want
347 to test your Squeeze system, make sure
348 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
349 based boot sequencing
</a
> is enabled, and add this line to
350 /etc/default/rcS:
</p
>
352 <blockquote
><pre
>
354 </pre
></blockquote
>
356 <p
>That is it. It will cause sysv-rc to use the startpar tool to run
357 scripts in parallel using the dependency information stored in
358 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
359 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
360 to try to start the kdm and gdm scripts as early as possible, and will
361 start the facilities required by kdm or gdm as early as possible to
362 make this happen.
</p
>
364 <p
>Give it a try, and see if you like the result. If some services
365 fail to start properly, it is most likely because they have incomplete
366 init.d script dependencies in their startup script (or some of their
367 dependent scripts have incomplete dependencies). Report bugs and get
368 the package maintainers to fix it. :)
</p
>
370 <p
>Running scripts in parallel could be the default in Debian when we
371 manage to get the init.d script dependencies complete and correct. I
372 expect we will get there in Squeeze+
1, if we get manage to test and
373 fix the remaining issues.
</p
>
375 <p
>If you report any problems with dependencies in init.d scripts to
376 the BTS, please usertag the report to get it to show up at
377 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
378 list of usertagged bugs related to this
</a
>.
</p
>
383 <title>Forcing new users to change their password on first login
</title>
384 <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html
</link>
385 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html
</guid>
386 <pubDate>Sun,
2 May
2010 13:
47:
00 +
0200</pubDate>
388 <p
>One interesting feature in Active Directory, is the ability to
389 create a new user with an expired password, and thus force the user to
390 change the password on the first login attempt.
</p
>
392 <p
>I
'm not quite sure how to do that with the LDAP setup in Debian
393 Edu, but did some initial testing with a local account. The account
394 and password aging information is available in /etc/shadow, but
395 unfortunately, it is not possible to specify an expiration time for
396 passwords, only a maximum age for passwords.
</p
>
398 <p
>A freshly created account (using adduser test) will have these
399 settings in /etc/shadow:
</p
>
401 <blockquote
><pre
>
402 root@tjener:~# chage -l test
403 Last password change : May
02,
2010
404 Password expires : never
405 Password inactive : never
406 Account expires : never
407 Minimum number of days between password change :
0
408 Maximum number of days between password change :
99999
409 Number of days of warning before password expires :
7
411 </pre
></blockquote
>
413 <p
>The only way I could come up with to create a user with an expired
414 account, is to change the date of the last password change to the
415 lowest value possible (January
1th
1970), and the maximum password age
416 to the difference in days between that date and today. To make it
417 simple, I went for
30 years (
30 *
365 =
10950) and January
2th (to
418 avoid testing if
0 is a valid value).
</p
>
420 <p
>After using these commands to set it up, it seem to work as
423 <blockquote
><pre
>
424 root@tjener:~# chage -d
1 test; chage -M
10950 test
425 root@tjener:~# chage -l test
426 Last password change : Jan
02,
1970
427 Password expires : never
428 Password inactive : never
429 Account expires : never
430 Minimum number of days between password change :
0
431 Maximum number of days between password change :
10950
432 Number of days of warning before password expires :
7
434 </pre
></blockquote
>
436 <p
>So far I have tested this with ssh and console, and kdm (in
437 Squeeze) login, and all ask for a new password before login in the
438 user (with ssh, I was thrown out and had to log in again).
</p
>
440 <p
>Perhaps we should set up something similar for Debian Edu, to make
441 sure only the user itself have the account password?
</p
>
443 <p
>If you want to comment on or help out with implementing this for
444 Debian Edu, please contact us on debian-edu@lists.debian.org.
</p
>
446 <p
>Update
2010-
05-
02 17:
20: Paul Tötterman tells me on IRC that the
447 shadow(
8) page in Debian/testing now state that setting the date of
448 last password change to zero (
0) will force the password to be changed
449 on the first login. This was not mentioned in the manual in Lenny, so
450 I did not notice this in my initial testing. I have tested it on
451 Squeeze, and
'<tt
>chage -d
0 username
</tt
>' do work there. I have not
452 tested it on Lenny yet.
</p
>
454 <p
>Update
2010-
05-
02-
19:
05: Jim Paris tells me via email that an
455 equivalent command to expire a password is
'<tt
>passwd -e
456 username
</tt
>', which insert zero into the date of the last password
462 <title>Thoughts on roaming laptop setup for Debian Edu
</title>
463 <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html
</link>
464 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html
</guid>
465 <pubDate>Wed,
28 Apr
2010 20:
40:
00 +
0200</pubDate>
467 <p
>For some years now, I have wondered how we should handle laptops in
468 Debian Edu. The Debian Edu infrastructure is mostly designed to
469 handle stationary computers, and less suited for computers that come
472 <p
>Now I finally believe I have an sensible idea on how to adjust
473 Debian Edu for laptops, by introducing a new profile for them, for
474 example called Roaming Workstations. Here are my thought on this.
475 The setup would consist of the following:
</p
>
479 <li
>During installation, the user name of the owner / primary user of
480 the laptop is requested and a local home directory is set up for
481 the user, with uid and gid information fetched from the LDAP
482 server. This allow the user to work also when offline. The
483 central home directory can be available in a subdirectory on
484 request, for example mounted via CIFS. It could be mounted
485 automatically when a user log in while on the Debian Edu network,
486 and unmounted when the machine is taken away (network down,
487 hibernate, etc), it can be set up to do automatic mounting on
488 request (using autofs), or perhaps some GUI button on the desktop
489 can be used to access it when needed. Perhaps it is enough to use
490 the fish protocol in KDE?
</li
>
492 <li
>Password checking is set up to use LDAP or Kerberos
493 authentication when the machine is on the Debian Edu network, and
494 to cache the password for offline checking when the machine unable
495 to reach the LDAP or Kerberos server. This can be done using
496 <a href=
"http://www.padl.com/OSS/pam_ccreds.html
">libpam-ccreds
</a
>
497 or the Fedora developed
498 <a href=
"https://fedoraproject.org/wiki/Features/SSSD
">System
499 Security Services Daemon
</a
> packages.
</li
>
501 <li
>File synchronisation with the central home directory is set up
502 using a shared directory in both the local and the central home
503 directory, using unison.
</li
>
505 <li
>Printing should be set up to print to all printers broadcasting
506 their existence on the local network, and should then work out of
507 the box with CUPS. For sites needing accurate printer quotas, some
508 system with Kerberos authentication or printing via ssh could be
509 implemented.
</li
>
511 <li
>For users that should have local root access to their laptop,
512 sudo should be used to allow this to the local user.
</li
>
514 <li
>It would be nice if user and group information from LDAP is
515 cached on the client, but given that there are entries for the
516 local user and primary group in /etc/, it should not be needed.
</li
>
520 <p
>I believe all the pieces to implement this are in Debian/testing at
521 the moment. If we work quickly, we should be able to get this ready
522 in time for the Squeeze release to freeze. Some of the pieces need
523 tweaking, like libpam-ccreds should get support for pam-auth-update
524 (
<a href=
"http://bugs.debian.org/
566718">#
566718</a
>) and nslcd (or
525 perhaps debian-edu-config) should get some integration code to stop
526 its daemon when the LDAP server is unavailable to avoid long timeouts
527 when disconnected from the net. If we get Kerberos enabled, we need
528 to make sure we avoid long timeouts there too.
</p
>
530 <p
>If you want to help out with implementing this for Debian Edu,
531 please contact us on debian-edu@lists.debian.org.
</p
>
projects / homepage.git / blob