
Re: Is LWAT completely broken in Squeeze?



On 13. aug. 2010 13:12, Holger Levsen wrote:
> Hi Finn-Arne,
> 
> On Montag, 2. August 2010, Finn-Arne Johansen wrote:
>> Last time I checked, I had no problem getting it to work. The plan is to
>> release a 0.18 which works with squeeze.
>>
>> Not sure if all patches will make it into 0.18, though.
>>
>> Then there will be some clean up to make it work better with dns/dhcp.
> 
> do you still plan to do this for squeeze? there is only little time still 
> left...

I finally got around to looking at this.
There are several issues.
1. Someone changed debian-edu-config, so that the user templates in lwat
made for debian-edu don't fit anymore. There are at least 2 issues
1.1 The posixGroup "none" needs to be put in double-quotes (or else lwat
fails to load the different templates)
1.2 The obscure lis.scheme files are gone for the config (thankfully),
but the templates made use of them by default in debian-edu
1.3 There were other scheme-changes, causing the user-templates to fail.

2. The addition of kerberos calls for some hooks. gosa tries to solve
this by setting passwords using sudo, which thankfully fails, or else
everyone with access to the auth-file could read all the passwords given
to each user. Not that much of a problem if the user changes the
password using pam, but if the user changes to h*s favourite password
using gosa, the admin can look this up. I'll try to write some php code
to store the kerberos password from within lwat, but I can see some
conflicts if something fails during password changes. (not sure why
things change)

3. Maybe some preseeding of lwat fails. Not sure where the bug is located.

4. Is the mail setup of debian-edu changed? Looks like everything is
sent to /var/mail/<uid>. Also courier is replaced by dovecot. Is the
dovecot setup working?

5. Are there still needs for checking the passwords in ldap, or could
the password be removed from ldap, and only stored in kerberos?

// faj

