Re: [arch-general] aur/solr: Unknown PGP key
On Sat, 2018-07-28 at 01:38 +0200, Ralf Mardorf wrote: > JFTR by accident Ralph wrote "Eli wrote:", while it should read "Ralf > wrote:". Most likely he selected my reply quoted by Eli's mail, before > invoking the reply to Eli's mail. My apologies, I also didn't notice > this, when I replied to Ralph's mail, so I didn't fix it. A thing like > that could happen ;). Oops, it were nested quotes, my bad.
Re: [arch-general] aur/solr: Unknown PGP key
JFTR by accident Ralph wrote "Eli wrote:", while it should read "Ralf wrote:". Most likely he selected my reply quoted by Eli's mail, before invoking the reply to Eli's mail. My apologies, I also didn't notice this, when I replied to Ralph's mail, so I didn't fix it. A thing like that could happen ;).
Re: [arch-general] aur/solr: Unknown PGP key
On Fri, 2018-07-27 at 08:10 +0100, Ralph Corderoy wrote: > Hi Ralf, > > Eli wrote: > > > It's a hint that not every user likes 'auto-key-retrieve', but > > > instead only manually retrieve keys, if it makes sense to the user > > > to retrieve a key. > > Thanks, I found it on topic, given Peter explicitly mentioned the > option, and very helpful. I've added a note to the suggestion in > https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver Thank you Ralph, for editing the Wiki. > > > I don't see a valid reason, to e.g. retrieve the keys that belong to > > > an unknown signature of an email send via a mailing list, just to > > > get automatically keys when building something from AUR. > > Me neither, but > https://wiki.archlinux.org/index.php/Pacman/Package_signing doesn't > suggest `auto-key-retrieve'. I didn't read all related Wiki pages, but seemingly non, including https://wiki.archlinux.org/index.php/makepkg mention Eli's hint, to use echo 'GNUPGHOME="$HOME"/.gnupg-makepkg' >> "$HOME"/.config/pacman/makepkg.conf Fortunately the manpage does. $ man makepkg | grep GNUPGHOME GNUPGHOME="/path/to/directory" I'm short in time and apart from this I'm uncertain, if it's worth to add this to the Arch Wiki. Regards, Ralf
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
On 2018-07-27 19:07, Foxtrot Mike via arch-general wrote: Hi all, Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic. I'm not sure about the auth part given my little experience with it, but if you're going to log into a server via RDP, can't you simply have your lightweight machine automatically open a default session [1], connect to the windows server, and authenticate users there? If you're going to only have one app running on the client machines, you don't need a window manager; xinit do that [2] [3] [1] https://wiki.archlinux.org/index.php/Xinit#Autostart_X_at_login [2] https://wiki.archlinux.org/index.php/Xinit#Starting_applications_without_a_window_manager [3] https://bbs.archlinux.org/viewtopic.php?id=107319
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
Em julho 27, 2018 16:24 ProgAndy escreveu: The Arctica Project seems to be in the process of implementing exactly what you want. https://arctica-project.org/ https://github.com/ArcticaProject/remote-logon-service It looks they are using Nomachine's nx libraries, the same x2go uses. And, the fact the transport is over SSH, makes it look a lot like x2go. But, it seems to me that the project is very much on the beginning, I wouldn't use it also for production. Regards, Giancarlo Razzolini pgpkJSEb_PTmJ.pgp Description: PGP signature
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
Am 27.07.2018 um 19:46 schrieb Foxtrot Mike via arch-general: On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote: Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu: Here are the major tasks: 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done. 3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again. 4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now. Hi Mike, You have some options here. I suggest you look into x2go and ltsp for starters. I don't suggest you use plain X over the network. With those 2 options you can have this kiosk mode you want, for the users to only be able to access windows. Regards, Giancarlo Razzolini Thanks for the reply. The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires. Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would be give me a lot more to learn as compared to using a third party specialized software such as a kiosk script. Regards. The Arctica Project seems to be in the process of implementing exactly what you want. https://arctica-project.org/ https://github.com/ArcticaProject/remote-logon-service Regards, Andy
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
Em julho 27, 2018 14:46 Foxtrot Mike via arch-general escreveu: The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires. You have more than one option to authenticate to windows AD servers [0] . You have PAM Ldap, winbind, making a samba server the secondary controller, etc. You will probably need a local home dir for storing session data, but this can be created/destroyed on demand. Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would be give me a lot more to learn as compared to using a third party specialized software such as a kiosk script. Why reinvent the wheel here? I understand the need for learning, but I wouldn't do this on something that is intended as a production system. Again, don't use plain X protocol over the network, it's very wasteful. Regards, Giancarlo Razzolini [0] https://wiki.archlinux.org/index.php/Active_Directory_Integration pgpO1oJ1yeqzb.pgp Description: PGP signature
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
On 2018-07-27 19:46, Foxtrot Mike via arch-general wrote: > > The issue with x2go and ltsp is that I'll have to separately manage > username and passwords for local Linux login. The solution that I'd > rather prefer would use Active directory authentication so the current > system administrator won't have to do anything extra. The group policies > are already there. Once the Arch system is properly configured, I'd > disable local logins so there will be very limited chance for a user to > corrupt/modify Arch system. And ideally, the user would have no way to > interact with the local system. Thats why I want to limit the user to > freeRDP. Anything else, and the X-session expires. I'm not up to speed on the windows world, but could PAM LDAP authentication perhaps be of help here? Regards,
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
On 07/27/2018 10:16 PM, Giancarlo Razzolini wrote: > Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu: >> >> Here are the major tasks: >> >> 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am >> a little confused. There are supposedly many different ways with >> little changes to do this. [1] is one solution. LDAP is also a >> possibility. I need advice from someone who knows this field better >> than me :p >> >> 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess >> [2] will get this done. >> >> 3- How to ask freerdp to authenticate using the ticket received from >> TGT during LightDM Domain authentication? If I could somehow >> configure freerdp to use Kerberos Tickets then the user won't have to >> enter his Domain password again. >> >> 4- How to ask i3-wm to close the X-session when freeRDP quits? I read >> something a while ago about .xsession files to achieve this >> functionality, but can't find it now. >> > Hi Mike, > > You have some options here. I suggest you look into x2go and ltsp for > starters. > I don't suggest you use plain X over the network. > > With those 2 options you can have this kiosk mode you want, for the > users to only > be able to access windows. > > Regards, > Giancarlo Razzolini Thanks for the reply. The issue with x2go and ltsp is that I'll have to separately manage username and passwords for local Linux login. The solution that I'd rather prefer would use Active directory authentication so the current system administrator won't have to do anything extra. The group policies are already there. Once the Arch system is properly configured, I'd disable local logins so there will be very limited chance for a user to corrupt/modify Arch system. And ideally, the user would have no way to interact with the local system. Thats why I want to limit the user to freeRDP. Anything else, and the X-session expires. Plus, I am very much into embedded linux systems (routers, SBCs, etc). I think putting the various pieces together would be give me a lot more to learn as compared to using a third party specialized software such as a kiosk script. Regards.
Re: [arch-general] Arch Linux PC as a Remote Desktop Node
Em julho 27, 2018 14:07 Foxtrot Mike via arch-general escreveu: Here are the major tasks: 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done. 3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again. 4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now. Hi Mike, You have some options here. I suggest you look into x2go and ltsp for starters. I don't suggest you use plain X over the network. With those 2 options you can have this kiosk mode you want, for the users to only be able to access windows. Regards, Giancarlo Razzolini pgpuzLJY49WNT.pgp Description: PGP signature
[arch-general] Arch Linux PC as a Remote Desktop Node
Hi all, Currently we have around 10 employees who develop software using Visual Studio. The idea is to install the development tools on the Windows Server system, and to have all the developers connect to the server over RDP using low-end low-power computers. The server is pretty beefy though. The low end client PCs will save up-front cost as well as power bills. The network backend will not have any issue with the increased RDP traffic. I have been using Arch Linux for some years now, so I undertook this as a research project. I want to use the Arch system as a Remote Desktop node. The Arch system would use a login manager (such as lightdm) to authenticate users from Windows Domain. Once the user has been authenticated, the system is supposed to automatically open a RDP connection (using freerdp) to the Windows Server (if possible, using the credentials provided to lightdm so the user doesn't have to enter his password twice). As soon as the user quits the RDP session, his X-session should also be closed automatically. Here are the major tasks: 1- Ask LightDM to use Windows Domain (Kerberos) authentication. I am a little confused. There are supposedly many different ways with little changes to do this. [1] is one solution. LDAP is also a possibility. I need advice from someone who knows this field better than me :p 2- How to ask i3-wm (my default wm) to run freerdp at login? I guess [2] will get this done. 3- How to ask freerdp to authenticate using the ticket received from TGT during LightDM Domain authentication? If I could somehow configure freerdp to use Kerberos Tickets then the user won't have to enter his Domain password again. 4- How to ask i3-wm to close the X-session when freeRDP quits? I read something a while ago about .xsession files to achieve this functionality, but can't find it now. Any help would be appreciated! Regards. [1] https://wiki.archlinux.org/index.php/Active_Directory_Integration#Join_the_domain [2] https://i3wm.org/docs/userguide.html#_automatically_starting_applications_on_i3_startup
Re: [arch-general] aur/solr: Unknown PGP key
Hi Ralf, Eli wrote: > > It's a hint that not every user likes 'auto-key-retrieve', but > > instead only manually retrieve keys, if it makes sense to the user > > to retrieve a key. Thanks, I found it on topic, given Peter explicitly mentioned the option, and very helpful. I've added a note to the suggestion in https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver > > I don't see a valid reason, to e.g. retrieve the keys that belong to > > an unknown signature of an email send via a mailing list, just to > > get automatically keys when building something from AUR. Me neither, but https://wiki.archlinux.org/index.php/Pacman/Package_signing doesn't suggest `auto-key-retrieve'. > Ah, so, as I expected, it was just a standard prototypical offtopic > derail. Thanks for clarifying. Am I alone in finding Eli's comments unnecessarily sarcastic and tiresome? I'm happy the Arch Linux community values a succinct and frank exchange of views, but it could still be high signal without the low-wit sarcasm by a few, and would be that bit nicer. -- Cheers, Ralph. https://plus.google.com/+RalphCorderoy