On 24. aug. 2010 02:26, Andreas B. Mundt wrote: >> 2. The addition of kerberos calls for some hooks. gosa tries to solve >> this by setting passwords using sudo, which thankfully fails, or else >> everyone with access to the auth-file could read all the passwords given >> to each user. not that much of a problem if the user changes the >> passowrd using pam, but if the user changes to h*s favourite password >> using gosa, the admin can look this up. I'll try to write some php code >> to store the kerberos password from within lwat, but I can see some >> conflicts if somethin fails during password changes. (not sure why >> things changes) > > I am not sure what you mean with the "auth-file". If you mean > /var/log/auth.log, > there should be no logging of passwords etc. by gosa sudo calls. Logging is > switched of in > <URL:http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/ldap-bootstrap/sudo.ldif>. > > Doesn't this work anymore?
Well, I had a lot of lines in the log with usernames/passwords when creating users. Maybe it was because I had added a user in /etc/sudoers ? >> 4. is the mail setup of debian-edu changed ? Looks like everythin is >> sent to /var/mail/<uid>. Also courier is replaced by dovecot. Is the >> dovecot setup working ? > > <URL:http://lists.debian.org/debian-edu/2010/05/msg00180.html> > The mail setup with dovecot worked fine the last time I tested > it. Users can authenticate to the imap server using their kerberos > ticket. When sending mails, it is checked that sender's address > corresponds to the principal. Fine, I'll check later, but I take your word for it. > Finn-Arne, I guess it would be quite help-full for the project if you > could outline what your short- and longterm plans regarding LWAT are. The goal for lwat was to create a usable Ldap Web Adminstration tool, and that's still the goal. And if you install lwat on a (non-debian-edu) server uses ldap for authentication, it's still a helpfull tool. ... > Have you ever thought about adding a plugin to GOsa which adds the > features special to schools' use cases? With that approach, the code > that needs your maintenance might be smaller, and by sharing it with > others, everybody might profit in the end? I looked at several tools years ago, including gosa, and found that it didn't fill the need for debian-edu, at least not my custommers. Taken the audience of debian-edu in Norway, I'm still not sure that gosa will fit. To answer the original question: Is LWAT completetly broken in Squeeze? The answer is no. There has been changes in the setup in debian-edu, which calls for (slightly) different config-file for lwat, and for new templates. I think these changes was introduced May, after that we've had a rather busy period. But I hope we are not the only people in the project that understands ldap ? // faj -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
