Bug#664596: User seems to missing ability to login via ssh/console after some days

[Giorgio Pioda]

On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]
> > Hi,
> 
> Hi.
> 
> > Just remove the "-maxlife" option completely.  Use something like:
> > 
> >  kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"

The default policy I think is 1year, but I'm not sure of it

Regards

Giorgio

> 
> What is the default value when -maxlife is not used?
> --
> Happy hacking
> Petter Reinholdtsen
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20120320210043.gi18...@login2.uio.no
> 
> 

-- 
Sysadmin SPSE-Tenero
Ufficio:   +41 91 735 62 48 
Cellulare: +41 79 629 20 63



-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120321061517.ga3...@ticino.com

Processed: limit source to debian-edu-config, tagging 664790

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> #debian-edu-config (1.454~svn77105) UNRELEASED; urgency=low
> #
> #  * Translation updates:
> #- Add Danish web page from Joe Hansen. (Closes: #664790)
> #
> limit source debian-edu-config
Limiting to bugs with field 'source' containing at least one of 
'debian-edu-config'
Limit currently set to 'source':'debian-edu-config'

> tags 664790 + pending
Bug #664790 [debian-edu-config] [INTL:da] Danish translation of 
debian-edu-config web
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
664790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664790
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.s.c.133230377112707.transcr...@bugs.debian.org

Bug#664596: User seems to missing ability to login via ssh/console after some days]

[Andreas B. Mundt]

Forwarded message, as I forgot to cc the debian-edu list:

On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]

> > Just remove the "-maxlife" option completely.  Use something like:
> >
> >  kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
>
> What is the default value when -maxlife is not used?
> --

I use a "default" policy created by:

  kadmin.local -q "add_policy -minlength 4 -minclasses 2 default"

A user principal foo with this policy shows the following:

root@mainserver:~# kadmin.local
Authenticating as principal root/admin@INTERN with password.
kadmin.local:  get_principal foo
Principal: foo@INTERN
Expiration date: [never]
Last password change: Thu Mar 01 20:12:10 CET 2012
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Mar 01 20:12:11 CET 2012 (root/admin@INTERN)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 8
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, Version 5
Key: vno 1, ArcFour with HMAC/md5, Version 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1, Version 5
Key: vno 1, DES cbc mode with CRC-32, Version 5
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: default
kadmin.local:

So the default seems to be:

   Password expiration date: [none]

Regards,

Andi



--

A N D R E A S   B.   M U N D T

GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt--
   Andreas B. Mundt--




-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320215612.GB13674@flashgordon

Bug#664596: User seems to missing ability to login via ssh/console after some days

[Andreas B. Mundt]

On Tue, Mar 20, 2012 at 10:00:43PM +0100, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]

> > Just remove the "-maxlife" option completely.  Use something like:
> >
> >  kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"
>
> What is the default value when -maxlife is not used?
> --

I use a "default" policy created by:

  kadmin.local -q "add_policy -minlength 4 -minclasses 2 default"

A user principal foo with this policy shows the following:

root@mainserver:~# kadmin.local
Authenticating as principal root/admin@INTERN with password.
kadmin.local:  get_principal foo
Principal: foo@INTERN
Expiration date: [never]
Last password change: Thu Mar 01 20:12:10 CET 2012
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Mar 01 20:12:11 CET 2012 (root/admin@INTERN)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 8
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, Version 5
Key: vno 1, ArcFour with HMAC/md5, Version 5
Key: vno 1, Triple DES cbc mode with HMAC/sha1, Version 5
Key: vno 1, DES cbc mode with CRC-32, Version 5
Key: vno 1, DES cbc mode with RSA-MD5, Version 4
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - No Realm
Key: vno 1, DES cbc mode with RSA-MD5, Version 5 - Realm Only
Key: vno 1, DES cbc mode with RSA-MD5, AFS version 3
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: default
kadmin.local:

So the default seems to be:

   Password expiration date: [none]

Regards,

Andi



--

A N D R E A S   B.   M U N D T

GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt--
   Andreas B. Mundt--





-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320214740.GA13674@flashgordon

Bug#664790: [INTL:da] Danish translation of debian-edu-config web

[Joe Dalton]

Package: debian-edu-config
Severity: wishlist
Tags: l10n patch

Please include the attached Danish debian-edu-config web translation.

joe@pc:~/over/debianp/skolelinux-web$ msgfmt --statistics -c -v -o /dev/null 
da.po
da.po: 48 oversatte tekster.

bye
Joe


da.po
Description: Binary data

Re: Bug#664596: User seems to missing ability to login via ssh/console after some days

[Petter Reinholdtsen]

[George]
> Hi,

Hi.

> I also try to log in to thinclient using ssh from server. I get the
> question about saving the key and then it asks for a password. I log
> in as the user I created when installing skolelinux, and I even tried
> as another user created via GOsa. The only answer I get back from ssh
> is "Permission denied". I tried to change password, as suggested
> down. But it does not work. I havnt changed anything when it comes to
> ssh so I guess I missed something? Anyone having a clue? I would
> really need to login to the terminal to continue tracking down some
> issues.

To be able to log into a thin client, you have to set the root password
in the LTSP chroot and reboot the thin client for this change to take
effect.  I do not believe the LDAP users are visible on thin clients.

Try to run

  ltsp-chroot -a i386 passwd

as root to set the root password.
-- 
Happy hacking
Petter Reinholdtsen


-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2flpqc7m12b@diskless.uio.no

Bug#664596: User seems to missing ability to login via ssh/console after some days

[Petter Reinholdtsen]

[Andreas B. Mundt]
> Hi,

Hi.

> Just remove the "-maxlife" option completely.  Use something like:
> 
>  kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"

What is the default value when -maxlife is not used?
--
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320210043.gi18...@login2.uio.no

Re: Bug#664596: User seems to missing ability to login via ssh/console after some days

[Andreas B. Mundt]

Hi,

On Tue, Mar 20, 2012 at 09:04:54PM +0100, Petter Reinholdtsen wrote:
> [Petter Reinholdtsen]
> > Anyone got any ideas how to properly fix this?

Just remove the "-maxlife" option completely.  Use something like:

 kadmin.local -q "add_policy -minlength 4 -minclasses 2 user"

Regards,

Andi


> I suspect this patch will solve it for first time installations.  We
> need to figure out how to fix it for existing installations too.
>
> Index: share/debian-edu-config/tools/kerberos-kdc-init
> ===
> --- share/debian-edu-config/tools/kerberos-kdc-init (revisjon 77105)
> +++ share/debian-edu-config/tools/kerberos-kdc-init (arbeidskopi)
> @@ -237,8 +237,9 @@
>  kadmin.local -q "ktadd -k /etc/krb5.keytab.smtp smtp/tjener.intern"
>  chown Debian-exim:Debian-exim /etc/krb5.keytab.smtp
>
> -# Kerberos policy setup
> -kadmin.local -q "addpol -maxlife \"2 days\" -minlength 5 users"
> +# Kerberos policy setup.  Make sure passwords never expire, as
> +# long as LDAP and Samba passwords do not expire.
> +kadmin.local -q "addpol -maxlife never -minlength 5 users"
>  kadmin.local -q "addpol -minclasses 2 hosts"
>  }
>
>
> Anyone know why the -maxlife "2 days" were there in the first place?
> --
> Happy hacking
> Petter Reinholdtsen
>
>
>
> --
> To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20120320200454.gf18...@login2.uio.no
>

--

--

A N D R E A S   B.   M U N D T

GPG key: 4096R/617B586D 2010-03-22 Andreas B. Mundt--
   Andreas B. Mundt--




-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320203517.GB5795@flashgordon

Re: Bug#664596: User seems to missing ability to login via ssh/console after some days

[Giorgio Pioda]

In my experience with kerberos updating the policies
will NOT affect directly the principals. First
you have to change the policies and then reset passwords with "cpw".

Cheers

Giorgio


On Tue, Mar 20, 2012 at 08:39:29PM +0100, Petter Reinholdtsen wrote:
> I was able to sit down with Alf Tonny and look at this issue, and we
> believe we figured out the problem.  The Kerberos passwords are set in
> policy to expire after two days (172800 seconds).  To see if this is
> the case for your user(s), use this (replace ldapuser with one of your
> local users):
> 
>   root@tjener:~# echo getprinc ldapuser |kadmin.local |grep -i passw
>   Authenticating as principal root/admin@INTERN with password.
>   Last password change: Tue Feb 21 19:05:00 CET 2012
>   Password expiration date: Thu Feb 23 19:05:00 CET 2012
>   Failed password attempts: 0
>   root@tjener:~# 
> 
> If I understand this correctly, one can fix it locally by running this
> as root on tjener:
> 
>   echo modify_policy -maxlife never users | kadmin.local
> 
> It should change the policy to never expire passwords.  But I am
> unsure if this is really working, as the getprinc call then start to
> claim the users passwords will expire around 1970.  And the user can
> not log in using the password, and setting a new password do not
> change the password expiration date.  Setting it to '180days' instead
> of 'never' work, thought.
> 
> Anyone got any ideas how to properly fix this?
> -- 
> Happy hacking
> Petter Reinholdtsen
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20120320193928.ge18...@login2.uio.no
> 
> 

-- 
Sysadmin SPSE-Tenero
Ufficio:   +41 91 735 62 48 
Cellulare: +41 79 629 20 63


-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320203427.ga8...@ticino.com

Bug#664596: User seems to missing ability to login via ssh/console after some days

[Petter Reinholdtsen]

[Petter Reinholdtsen]
> Anyone got any ideas how to properly fix this?

I suspect this patch will solve it for first time installations.  We
need to figure out how to fix it for existing installations too.

Index: share/debian-edu-config/tools/kerberos-kdc-init
===
--- share/debian-edu-config/tools/kerberos-kdc-init (revisjon 77105)
+++ share/debian-edu-config/tools/kerberos-kdc-init (arbeidskopi)
@@ -237,8 +237,9 @@
 kadmin.local -q "ktadd -k /etc/krb5.keytab.smtp smtp/tjener.intern"
 chown Debian-exim:Debian-exim /etc/krb5.keytab.smtp
 
-# Kerberos policy setup
-kadmin.local -q "addpol -maxlife \"2 days\" -minlength 5 users"
+# Kerberos policy setup.  Make sure passwords never expire, as
+# long as LDAP and Samba passwords do not expire.
+kadmin.local -q "addpol -maxlife never -minlength 5 users"
 kadmin.local -q "addpol -minclasses 2 hosts"
 }
 

Anyone know why the -maxlife "2 days" were there in the first place?
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320200454.gf18...@login2.uio.no

Bug#664596: User seems to missing ability to login via ssh/console after some days

[Petter Reinholdtsen]

I was able to sit down with Alf Tonny and look at this issue, and we
believe we figured out the problem.  The Kerberos passwords are set in
policy to expire after two days (172800 seconds).  To see if this is
the case for your user(s), use this (replace ldapuser with one of your
local users):

  root@tjener:~# echo getprinc ldapuser |kadmin.local |grep -i passw
  Authenticating as principal root/admin@INTERN with password.
  Last password change: Tue Feb 21 19:05:00 CET 2012
  Password expiration date: Thu Feb 23 19:05:00 CET 2012
  Failed password attempts: 0
  root@tjener:~# 

If I understand this correctly, one can fix it locally by running this
as root on tjener:

  echo modify_policy -maxlife never users | kadmin.local

It should change the policy to never expire passwords.  But I am
unsure if this is really working, as the getprinc call then start to
claim the users passwords will expire around 1970.  And the user can
not log in using the password, and setting a new password do not
change the password expiration date.  Setting it to '180days' instead
of 'never' work, thought.

Anyone got any ideas how to properly fix this?
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320193928.ge18...@login2.uio.no

Bug#664596: User seems to missing ability to login via ssh/console after some days

[Petter Reinholdtsen]

[Alf Tonny Bätz]
> Are trying to find out more about this, and will give out more info
> as i find it

Can you try the following while logged in as the problematic user,
before and after the problem occur.

LDAP bind password checking:

  ldapwhoami -Z -W -D $(ldapsearch -x "(uid=$(whoami))"|awk '/dn:/ { print $2}')

Kerberos password checking:

  kinit

Also, it would be useful if you could run this as root to extract the
LDAP object for the affected user.  Remember to replace 'pere' with
the username in question.

  slapcat | tr "\n" "\t" | sed "s/\t\t/\n/g" | grep uid=pere | tr "\t" "\n"

This will provide the password hashes, so please only do this if it is
OK to share the passwords.  Please also provide the password set
originally and the password set later on, with information about when
the password were changed and which method were used.

Last, is there anything interesting in the syslog?  Please run this as
root:

  zgrep gosa /var/log/syslog*
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120320184932.gd18...@login2.uio.no

Thanks for participating at the Debian Edu gathering

[Knut Yrvin]

I want to thank everyone who participated in developing gathering for 
Debian Edu, Skolelinux, LibreOffice, Plasma Active and other free software 
project for school the last weekend, March 16-18. 

http://friprogramvareiskolen.no/Gathering/2012-03-16-18-Oslo

It was good attendance and great enthusiasm from both old and new 
contributors. On Saturday new contributors was introduced to LibreOffice, 
Skolelinux and the tablet solution Plasma Active. There was so much facts 
which was presented, so we had to limit the numbers or presentations, 
postponing two to the next gathering. We also got a walk through on ideas 
for Debian Edu, Skolelinux, LibreOffice and other free software projects for 
students going forward. 

I would particularly like to thank Knut Olav Bøhmer, Olaf Dahlum, Petter 
Reinholdtsen at the student group working on Plasma Active for their 
informative and good presentations.

Here is a small introduction of the new contributors. Oh, the students 
will be introduction at a later stage, where they got more to present. Let 
me concentrate on the three "newbees" first: 

- Osmo Antero who is originally from Finland will help the students when 
building the prototypes for improving the Plasma Active User eXperience 
(UX). He got many years of development experience, being in depth familiar 
with Debian-based systems and Gtk. He will assist with problem solving, so 
students and others who need in depth technical answers on questions 
bringing the development forward. 

- Kjell Arne Rekaa from Norway will assist in the marketing efforts. Kjell 
Arne got many years of of development experience, and are now working with 
IT architecture at Sparebank 1 Bank Group. He helps designing their online 
bank services for 650,000 customers.

- Ingrid Yrvin form Norway has worked for many years at The Norwegian 
Directorate of Education. In recent years she has been worked as an online 
journalist and editor for several of their online publications. She is now 
retired. Ingrid will assist with translation of the Skolelinux project 
together with here husband when he retires in the fall this year. 

Finally, I thank the Norwegian free software company FreeCode[1] for 
borrowing us their offices and meeting rooms for the sprint, including their 
canteen. It worked great. I should mention that Qt at Nokia is sponsoring 
Debian Edu sprints going forward.  The top management at FreeCode also 
expressed their mandatory willingness to lend us the facilities at later 
develop sprints, which now comes in pearls on a row going forward.  Stay 
tuned, you're invited!

1. http://www.freecode.no/

Best regards

Knut Yrvin
--
President -- Fri programvare i skolen (Free Software In Schools)
Please participate in making free software for schools
mob: + 47 934 79 561


--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4538369.YBtJasfRsr@hjemme-pc

Re: flashplugin-nonfree in diskless workstations

[Petter Reinholdtsen]

[Alf Tonny Bätz]
> to get that on diskless you have to install it in chroot to.
> 
> Regards Alf Tonny Bätz
> 
> chroot /opt/ltsp/i386 (enter)
> 
> then you install program to diskless,

This is correct.  But in the Squeeze version, there is a ltsp-chroot
program that is better to use than the chroot program directly.  On an
amd64 server, you need to specify 'ltsp-chroot -a i386'.

We should cover this in the manual if it isn't covered already.  There
is a section about handling flash.  Please update it if it is unclear.
-- 
Happy hacking
Petter Reinholdtsen


--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2flvclzmjik@diskless.uio.no

Re: flashplugin-nonfree in diskless workstations

[Alf Tonny Bätz]

to get that on diskless you have to install it in chroot to.

Regards Alf Tonny Bätz

chroot /opt/ltsp/i386 (enter)

then you install program to diskless,


2012/3/20 George 

> Hi,
>
> I installed the nonfree flashplugin because the gnash one does not work
> very well on youtube (or svt.se). That solved the problems for
> thinclients. But I have some computers I want to run as diskless
> workstations. How do I install flashplugin-nonfree in to those?
> As it is now, I have the flashplugin-nonfree working at the server, and
> in thinclients, but not in diskless workstations.
>
>
> Regards  /George
>

flashplugin-nonfree in diskless workstations

[George]

Hi,

I installed the nonfree flashplugin because the gnash one does not work very 
well on youtube (or svt.se). That solved the problems for thinclients. But I 
have some computers I want to run as diskless workstations. How do I install 
flashplugin-nonfree in to those?
As it is now, I have the flashplugin-nonfree working at the server, and in 
thinclients, but not in diskless workstations.


Regards  /George

Re: Bug#664596: User seems to missing ability to login via ssh/console after some days

[George]

Hi,

Thanks for your effort.

Yes, I did change the password using the sudo user.
I have the user with sudo rights (george) and a test user (testes)
I was logged in as george and using GOsa I changed the password for testes and 
tried to ssh to the thin client. I got "Connection closed by 192.168.0.24" from 
the thinclient.

I also changed pwd for the default user created at installation "george". When 
trying to login as george I get "Permission denied, please try again."

Regards  /George

--- Den tis 2012-03-20 skrev Alf Tonny Bätz :

Från: Alf Tonny Bätz 
Ämne: Re: Bug#664596: User seems to missing ability to login via ssh/console 
after some days
Till: "George" 
Kopia: debian-edu@lists.debian.org
Datum: tisdag 20 mars 2012 12:48

Did you change det password to the user with the sudo user you createt under 
installations? 
the user them self cant change the password to make ssh work when this bug has 
come.

I had to change it for the user to make ssh work again.


Regards Alf Tonny Bätz

2012/3/20 George 

Hi,

I also try to log in to thinclient using ssh from server. I get the question 
about saving the key and then it asks for a password. I log in as the user I 
created when installing skolelinux, and I even tried as another user created 
via GOsa. The only answer I get back from ssh is "Permission denied". I tried 
to change password, as suggested down. But it does not work. I havnt changed 
anything when it comes to ssh so I guess I missed something? Anyone having a 
clue? I would really need to login to the terminal to continue tracking down 
some issues.


Regards  /George

--- Den mån 2012-03-19 skrev Mike Gabriel :


Från: Mike Gabriel
 
Ämne: Re: Bug#664596: User seems to missing ability to login via ssh/console 
after some days
Till: debian-edu@lists.debian.org

Datum: måndag 19 mars 2012 23:20

Hi Alf,

On Mo 19 Mär 2012 09:24:51 CET Alf Tonny Bätz wrote:

> package: debian-edu-config
> severity: minor
> version: squeeze

> 
> Have come over a problem with that a user cant after some days loging with 
> ssh.
> 
> The users password works in gosa, and only way to activate login with
> ssh again, is to change the password, and login with ssh works again

> for some days.
> Are trying to find out more about this, and will give out more info as i find 
> it
> 
> regards Alf Tonny Bätz

I can confirm this and suppose this might be related to setting a Kerberos 
policy for user principals. (in
 gosa-create.sh).

Greets,
Mike


--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419


GnuPG Key ID 0xB588399B
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de


freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Re: Bug#664596: User seems to missing ability to login via ssh/console after some days

[Alf Tonny Bätz]

Did you change det password to the user with the sudo user you createt
under installations?
the user them self cant change the password to make ssh work when this bug
has come.

I had to change it for the user to make ssh work again.

Regards Alf Tonny Bätz

2012/3/20 George 

> Hi,
>
> I also try to log in to thinclient using ssh from server. I get the
> question about saving the key and then it asks for a password. I log in as
> the user I created when installing skolelinux, and I even tried as another
> user created via GOsa. The only answer I get back from ssh is "Permission
> denied". I tried to change password, as suggested down. But it does not
> work. I havnt changed anything when it comes to ssh so I guess I missed
> something? Anyone having a clue? I would really need to login to the
> terminal to continue tracking down some issues.
>
> Regards  /George
>
> --- Den *mån 2012-03-19 skrev Mike Gabriel <
> mike.gabr...@das-netzwerkteam.de>*:
>
>
> Från: Mike Gabriel 
> Ämne: Re: Bug#664596: User seems to missing ability to login via
> ssh/console after some days
> Till: debian-edu@lists.debian.org
> Datum: måndag 19 mars 2012 23:20
>
>
> Hi Alf,
>
> On Mo 19 Mär 2012 09:24:51 CET Alf Tonny Bätz wrote:
>
> > package: debian-edu-config
> > severity: minor
> > version: squeeze
> >
> > Have come over a problem with that a user cant after some days loging
> with ssh.
> >
> > The users password works in gosa, and only way to activate login with
> > ssh again, is to change the password, and login with ssh works again
> > for some days.
> > Are trying to find out more about this, and will give out more info as i
> find it
> >
> > regards Alf Tonny Bätz
>
> I can confirm this and suppose this might be related to setting a Kerberos
> policy for user principals. (in gosa-create.sh).
>
> Greets,
> Mike
>
>
> --
> DAS-NETZWERKTEAM
> mike gabriel, dorfstr. 27, 24245 barmissen
> fon: +49 (4302) 281418, fax: +49 (4302) 281419
>
> GnuPG Key ID 0xB588399B
> mail: 
> mike.gabr...@das-netzwerkteam.de,
> http://das-netzwerkteam.de
>
> freeBusy:
>
> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
>
>

Re: Bug#664596: User seems to missing ability to login via ssh/console after some days

[George]

Hi,

I also try to log in to thinclient using ssh from server. I get the question 
about saving the key and then it asks for a password. I log in as the user I 
created when installing skolelinux, and I even tried as another user created 
via GOsa. The only answer I get back from ssh is "Permission denied". I tried 
to change password, as suggested down. But it does not work. I havnt changed 
anything when it comes to ssh so I guess I missed something? Anyone having a 
clue? I would really need to login to the terminal to continue tracking down 
some issues.

Regards  /George

--- Den mån 2012-03-19 skrev Mike Gabriel :

Från: Mike Gabriel 
Ämne: Re: Bug#664596: User seems to missing ability to login via ssh/console 
after some days
Till: debian-edu@lists.debian.org
Datum: måndag 19 mars 2012 23:20

Hi Alf,

On Mo 19 Mär 2012 09:24:51 CET Alf Tonny Bätz wrote:

> package: debian-edu-config
> severity: minor
> version: squeeze
> 
> Have come over a problem with that a user cant after some days loging with 
> ssh.
> 
> The users password works in gosa, and only way to activate login with
> ssh again, is to change the password, and login with ssh works again
> for some days.
> Are trying to find out more about this, and will give out more info as i find 
> it
> 
> regards Alf Tonny Bätz

I can confirm this and suppose this might be related to setting a Kerberos 
policy for user principals. (in gosa-create.sh).

Greets,
Mike


--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb