[FR] user list in ldm

Bug #109270 reported by Michael Shigorin
Affects: ltsp (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Scott Balneaves
Milestone: (none)

Bug Description

As discussed half an hour ago with ogra on #ltsp, it might be nice for quite some LTSP deployment environments to be able to provide a user list in the display manager. Due to ldm seemingly being the only supported transport for localdev currently and missing that feature, one is forced to fall back to the ltsp4 method of doing that (and kdm/gdm).

<gvy> now we're pretty much there but localdev :)
<ogra> gvy, actually we only use the ltspfsd and ltspfs binaries from the old implementation
<gvy> ogra, ah; those worked
<ogra> all the surrounding bits (the actual stuff that makes it work) were rewritten for ltsp5
<ogra> all you need is a chroot
<ogra> gvy, the ltsp5 implementation doesn't use lbus anymore but an ssh tunnel provided by ldm ... all mounting happens natively through udev rules on the client ...
<ogra> ... on the server side we have one script and a suid root binary that moves the mount to /media/$USER/<drivename>
<gvy> ogra, tnx
<gvy> anyone with e.g. kdm goes north-west? :)
<ogra> anyone not using ldm, yes
<ogra> (which you shouldn't do anyway XDMCP is da evil)
<gvy> :]
<ogra> gvy, sbalneav is working on an X tunneled communication layer for gutsy (7.10) .... then XDMCP should work as well again ...
<ogra> and i'm working on proper hal integration for october
<gvy> ogra, re ldm: a colleague tells that ldm misses userlist for us
<ogra> gvy, not implemented yet
<ogra> gvy, i just started a C/Gtk rewrite that should have some extra features in october
<gvy> ogra, well... from mgmt pov it's not exactly sane to roll out a new mechanism for mounting as default (especially breaking the robust existing one) to narrow down dm support to half-written one
<ogra> half written one ?
<gvy> just as a side note from someone who've seen/done that way too often :]
<gvy> ldm
<ogra> sorry, but i don't agree ldm is written for a purpose and fulfills this since three releases
<gvy> userlist seems quite critical at TS deployments I've seen (and in LDAP-based standalone WS deployments as well)
<gvy> ogra, well I'm exactly about different purposes
<ogra> 1.5 years is quite some time to file a wishlist bug about missing features
<gvy> nevermind, it's rather a surprise for me, not moaning about how bad all is :-)
<gvy> I'll try to

So here it is, in this proprietary bug silo. :)

Scott Balneaves (sbalneav) wrote :

I'm not going to consider this for gutsy. We can discuss its merits for gutsy+1

It would certainly have to be an option that was not on by default.

Changed in ltsp:
assignee: nobody → sbalneav
status: New → Confirmed
Michael Shigorin (mike-osdn) wrote : Re: [Bug 109270] Re: [FR] user list in ldm

On Thu, Jul 12, 2007 at 01:36:39PM -0000, Scott Balneaves wrote:
> I'm not going to consider this for gutsy. We can discuss it's merits
> for gutsy+1
>
> It would certainly have to be an option that was not on by default.

NP, but as discussed with ogra, there are considerable technical
problems with implementation.

> ** Changed in: ltsp (Ubuntu)
> Assignee: (unassigned) => Scott Balneaves
> Status: New => Confirmed
>

--
 ---- WBR, Michael Shigorin <email address hidden>
  ------ Linux.Kiev http://www.linux.kiev.ua/

Scott Balneaves (sbalneav) wrote :

I'm going to mark this as invalid.

Really, with LDM being at the other end of an ssh tunnel, there's no sane way to get a list of available users on the screen before login, without opening up your box to something that could be exploited to find out user names simply.

I realize you can get gdm to do this, but it's not a good idea, and I've yet to see a convincing argument as to why it needs to be there.

Marking as invalid, if someone wants to agitate for it, let's get a new bug filed.

Cheers,
Scott

Changed in ltsp:
status: Confirmed → Invalid
Michael Shigorin (shigorin) wrote :

There's no secure way to provide user list to ldm only, except by using public key cryptography I think -- and that would be overkill.

I see no problem with something that can be enabled or disabled at server side "that could be exploited to find out user names simply" since things like that are admin policy decision, no less and no more. Judging this idea as "good" or "bad" is deciding for all the admins out there who might need or oppose such a feature, but insisting that a person who would oppose it should implement it is broken as well -- so while I'm pretty happy with kdm/xdmcp-way providing our customers with the functionality needed, it's no problem that this cannot be done with ldm.

No more agitation I hope ;-)
