LOGUSER feature

Gémes Géza geza at kzsdabas.hu
Thu Mar 1 20:17:04 CET 2012


On 2012-02-29 21:32, Andreas B. Mundt wrote:
> Hi,
>
> I try to get the LOGUSER-feature working as described in fai.conf:
>
> # LOGUSER: an account on the install server which saves all log-files
> # and which can change the kernel that is booted via network.
> # Configure .rhosts for this account and PAM, so that root can log in
> # from all install clients without password. This account should have
> # write permissions for /srv/tftp/fai. For example, you can use write
> # permissions for the group linuxadm. chgrp linuxadm
> # /srv/tftp/fai;chmod
> # g+w /srv/tftp/fai. If the variable is undefined, this feature is
> # disabled.
> # Define it, to enable it, eg. LOGUSER=fai
>
> The user is created by faisetup and .ssh/ is setup correctly in the
> nfsroot.  However, with /bin/false as login shell in /etc/passwd scp
> and the like seems to fail.
>
> Does anybody use this feature successfully?  Or has /etc/passwd to be
> modified?
>
> Best regards
>
>      Andi
>
>
> PS.: I think about using the LOGUSER to distribute my keytabs,
>      cf. last paragraph in
>      https://lists.uni-koeln.de/pipermail/linux-fai/2012-February/009554.html
Hi,

I do use it successfully (I'm still learning fai so it is running in a
test environment), but I've set up the LOGUSER manually:
1. Created a user (with password set to ! in /etc/shadow)
2. su to that user and run ssh-keygen
3. copy the .ssh directory to /root on the nfsroot, and id_rsa.pub or
id_dsa.pub to ~/.ssh/authorized_keys for the LOGUSER (mine has home set
to /var/log/fai and given write permission to /srv/tftp)

For the keytab part I plan (it is not implemented yet) to use puppet
after installation.

Regards

Geza
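
A check for the manual setup in steps 1-3 above, together with the login-shell problem from the quoted question, as an added example that is not part of the original post or of FAI. The account name `fai`, the filesystem-prefix argument and both function names are assumptions; the home directory `/var/log/fai` follows the reply.

```shell
#!/bin/sh
# Added example, not FAI code. check_loguser ROOT USER NFSROOT prints findings
# and returns the number of failed checks. ROOT is a filesystem prefix
# (empty string on a live install server); all names here are hypothetical.
check_loguser() {
    root=$1; user=$2; nfsroot=$3; fails=0
    pw=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$root/etc/shadow")
    home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$root/etc/passwd")
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$root/etc/passwd")
    # Step 1: password login locked ("!" or "*" at the start of the shadow field).
    case $pw in
        '!'*|'*'*) ;;
        *) echo "FAIL: password for $user is not locked"; fails=$((fails + 1)) ;;
    esac
    # scp runs through the account's login shell, so /bin/false or nologin breaks it.
    case $shell in
        */false|*/nologin) echo "FAIL: login shell $shell blocks scp"; fails=$((fails + 1)) ;;
    esac
    # Steps 2-3: a public key shipped in the nfsroot must be authorized for the account.
    found=0
    for pub in "$nfsroot/root/.ssh/id_rsa.pub" "$nfsroot/root/.ssh/id_dsa.pub"; do
        [ -s "$pub" ] || continue
        if grep -qxF "$(cat "$pub")" "$root$home/.ssh/authorized_keys" 2>/dev/null; then
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no nfsroot public key in $home/.ssh/authorized_keys"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree (placeholder key material, not a real key).
make_demo_tree() {
    d=$1; sh=$2; pwfield=$3
    mkdir -p "$d/etc" "$d/var/log/fai/.ssh" "$d/nfsroot/root/.ssh"
    echo "fai:x:1001:1001::/var/log/fai:$sh" > "$d/etc/passwd"
    echo "fai:$pwfield:15400:0:99999:7:::" > "$d/etc/shadow"
    echo "ssh-rsa AAAAconstructedPLACEHOLDER fai@faiserver" > "$d/nfsroot/root/.ssh/id_rsa.pub"
    cp "$d/nfsroot/root/.ssh/id_rsa.pub" "$d/var/log/fai/.ssh/authorized_keys"
}

demo=$(mktemp -d)
make_demo_tree "$demo/good" /bin/bash '!'
make_demo_tree "$demo/bad" /bin/false '!'
check_loguser "$demo/good" fai "$demo/good/nfsroot" && echo "good: all checks passed"
check_loguser "$demo/bad" fai "$demo/bad/nfsroot" || echo "bad: $? check(s) failed"
rm -rf "$demo"
```

On a live install server the call would be `check_loguser "" fai /path/to/nfsroot`, run as root so that `/etc/shadow` is readable.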

