[Lancaster] Folly Terminals are go!
Ken Hough
kenhough at uklinux.net
Sat May 29 22:29:35 BST 2004
At the risk of repeating myself, I believe we should aim at simplicity
as far as is possible. Otherwise it might be difficult for successive
maintainers to keep a handle on the system.
Ken Hough
Andy Baxter wrote:
> sent this just to Matthew by mistake - sending on to the list (plus an
> afterthought)
>
> On Friday 28 May 2004 10:27, you wrote:
>
>>On Thu, May 27, 2004 at 11:49:43PM +0100, Andy Baxter wrote:
>>
>>>also have a separate root password for the terminals (but the same one
>>>for each of these), so someone shoulder-surfing while we're working on it
>>>can't get the server p/w.
>>
>>How about giving LUG people unlimited sudo on the terminals so if an
>>account gets surfed nobody else needs to be notified about the password
>>change?
>
>
> Trouble with that is it means creating and managing half a dozen accounts on
> each of the terminals, when there's no need for more than one or two (root
> and maybe guest)
>
>
>>>I reckon for the moment, just make a separate account for each terminal,
>>>and have a note on the box saying which one to log in as. Some time we
>>>might be able to figure a way to bring up a login screen which just has
>>>one guest account which gets directed to separate accounts for each
>>>machine, but this is going to be tricky I think.
>>
>>Hmm ... how about pam_ldap and give each terminal a different base DN to
>>surf on, so 'guest' on each terminal maps to a different uid? (and on the
>>server the guest uid for each terminal is in a single 'termguest' group so
>>the permissions can be managed easily)
>
>
> How would this work? The logins aren't done on the terminals at all, they're
> through the server's display manager using xdmcp, so I don't see how you
> could do this.
>
> One way that would probably work, but would be quite inefficient, is to start
> 3 separate display managers on different ports, with each machine logging in
> on a different port. Then have 3 separate kdm config files.
>
> Another way would be to have a single guest-login account, but somehow put
> something in the XSession script which works out which client the session is
> being started from, and then su's to a guest account for that client before
> loading the session. Not at all sure how to do this though.
>
> PS. - just found out that if you create a file containing the string
> SERVERHOST, then run this through xrdb -n, the string will be replaced by the
> hostname of the machine serving the display. So that bit is possible, but I'm
> not sure how to switch accounts during the Xsession script - su always wants
> a password to log in to a new account.
>
>
>>- Matt
>>
>>PS: now in Bath working for Netcraft so it's unlikely I'll be able to make
>>the meetings in the near future - more than happy to help hands-on with
>>anything that can be done remotely, though.
>
>
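
An added example, not part of the original thread: one way the session script on the server could work out which terminal a session came from and pick that terminal's guest account. It assumes the script sees DISPLAY set to `host:display`, as it is for XDMCP sessions; the host names, address and account names in the map are hypothetical. The account switch itself, which the thread leaves open, is not shown.

```shell
#!/bin/sh
# Map the XDMCP client named in DISPLAY to a per-terminal guest account.
# Constructed allowlist: terminal host or address = guest account (all hypothetical).
TERMINAL_MAP='term1.folly.lan=guest1
term2.folly.lan=guest2
192.168.0.13=guest3'

# display_host DISPLAY: print the lowercased host part of "host:display[.screen]".
# Fails for local displays (":0", "unix:0") and for anything that is not a
# plain host name or IPv4 address, so odd input never reaches the lookup.
display_host() {
    case "$1" in
        ""|:*|unix:*) return 1 ;;   # local display, not a remote terminal
        *:*) ;;                     # has a display part, carry on
        *) return 1 ;;              # no ":display" at all
    esac
    host=${1%:*}                    # drop ":display.screen"
    case "$host" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$host" | tr 'A-Z' 'a-z'
}

# guest_for_display DISPLAY: print the guest account for that terminal.
# Unknown hosts fail rather than falling back to a shared account, since the
# host name is only what the X connection reports.
guest_for_display() {
    host=$(display_host "$1") || return 1
    while IFS='=' read -r name account; do
        if [ "$name" = "$host" ]; then
            printf '%s\n' "$account"
            return 0
        fi
    done <<EOF
$TERMINAL_MAP
EOF
    return 1
}
```

In a session script this would be called as `guest_for_display "$DISPLAY"`, with the session refused when it fails.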