
Re: Is LWAT completely broken in Squeeze?



Hi,

On Mon, Aug 23, 2010 at 06:42:58PM +0200, Finn-Arne Johansen wrote:
> On 13. aug. 2010 13:12, Holger Levsen wrote:
> > On Montag, 2. August 2010, Finn-Arne Johansen wrote:
[...]
> >> release a 0.18 which works with squeeze.
> >>
> >> Not sure if all patches will make it into 0.18, though.
> >>
> >> Then there will be some clean up to make it work better with dns/dhcp.
> > 
> > do you still plan to do this for squeeze? there is only little time still 
> > left...
> 

> I finally got around to look at this.
> There are several issues.

[...]

> 2. The addition of kerberos calls for some hooks. gosa tries to solve
> this by setting passwords using sudo, which thankfully fails, or else
> everyone with access to the auth-file could read all the passwords given
> to each user. not that much of a problem if the user changes the
> password using pam, but if the user changes to h*s favourite password
> using gosa, the admin can look this up. I'll try to write some php code
> to store the kerberos password from within lwat, but I can see some
> conflicts if something fails during password changes. (not sure why
> things changes)

I am not sure what you mean with the "auth-file". If you mean /var/log/auth.log,
there should be no logging of passwords etc. by gosa sudo calls. Logging is switched off in
<URL:http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/ldap-bootstrap/sudo.ldif>. 
Doesn't this work anymore?

[...]

> 4. is the mail setup of debian-edu changed? Looks like everything is
> sent to /var/mail/<uid>. Also courier is replaced by dovecot. Is the
> dovecot setup working?

<URL:http://lists.debian.org/debian-edu/2010/05/msg00180.html>
The mail setup with dovecot worked fine the last time I tested
it. Users can authenticate to the imap server using their kerberos
ticket. When sending mails, it is checked that sender's address
corresponds to the principal. Furthermore, users receive a welcome
mail (which never worked with LWAT btw. <URL:http://bugs.debian.org/568407>,
<URL:http://bugs.skolelinux.org/show_bug.cgi?id=1438>).


Finn-Arne, I guess it would be quite helpful for the project if you
could outline what your short- and long-term plans regarding LWAT are.

I do not think that a single-action approach with years of silent
non-activity in between is leading to a satisfactory user- and 
developer experience in the long run. This doesn't help anybody. (At
least not all the users that look for alternatives almost immediately
and the developers that try (or tried) to improve LWAT by providing
patches and/or bug reports). In my opinion, fixing LWAT just to have
it limping along is a waste of time and effort.

Have you ever thought about adding a plugin to GOsa which adds the
features special to schools' use cases? With that approach, the code
that needs your maintenance might be smaller, and by sharing it with
others, everybody might profit in the end?

Best regards,

     Andi

