IRC Logs for #crux-devel Tuesday, 2014-03-04

nomiusPlease don't include pam :-$00:43
jaegerwhy not?01:08
nomiusBeucase it just add a crappy complex layer :-S02:20
jaegerIf you have a good reason not to consider it, elucidate it. "Because RH and Ubuntu use it" or "crappy" aren't good reasons.02:23
jaegerYes, it's slightly more complex. It has some nice features we currently can't support such as AD/LDAP authentication, yubikeys, that sort of thing02:24
nomiusAD requires pam?02:25
jaegerAll the ways I'm aware of do, yeah. Centrify, Likewise, winbind+samba+krb502:25
nomiusThe problem that I have with pam is that it is waaaay too complex02:26
jaegerIf we DO end up using it we'd ship a sane default config, of course02:26
jaegerWhy not try the pam ports I published in a VM or something and see if it gets in your way too much?02:27
nomiusAnd is not like it's a "dynamic" system that applications can live with out it, most (all) applications requires to be linked against that...02:27
jaegerTrue, but the same can be said of shadow02:28
nomiusYeah, but shadow has been there pretty much from the beginning...02:28
jaegerI think you'd find that unless you have to change something the PAM config won't even be noticeable02:29
nomiusI spent 5 hours a week ago configuring PAM with no success, to allow AD users to log in ssh... I mean, that was CRAZY...02:31
jaegerI use that setup at work all the time, though it's ubuntu rather than CRUX02:31
jaegerI bet I could get it working with CRUX, though02:31
nomiusYeah, I have it working in Ubuntu also at work...02:31
nomiusBut this was a CentOS also for work...02:31
nomiusIt was MENTAL02:31
jaegerbought 4 new servers for work today, got their configs ready to go in puppet with the AD auth, etc. :)02:33
jaegerer, 5 new02:34
prologicerr hang on02:57
prologicsorry late in on the conversation02:58
prologicwhy are we adding pam to core anyway?02:58
prologicI assume we are?02:58
jaegerwe're considering it, no guarantee02:58
jaegernot for 3.1, though02:58
prologicif they're well built published optional ports isn't that enough for anyone to get LDAP/AD with pam going?02:58
prologicwhat does "considering" it mean?02:58
jaegerer... it means considering02:59
jaegeras in weighing pros vs. cons, etc.02:59
prologicI mean if we said "okay let's do it"02:59
prologicwhat does that mean?02:59
prologicpam becomes the default auth backend in crux?02:59
prologicand it gets put in core with sane defaults and installed by default?02:59
jaegerPretty much02:59
prologicthat was kinda my point then03:00
prologicwhy couldn't it say ... just stay in opt03:00
prologicas an optional installation?03:00
prologicif were were to "ok" it that is after  "considering" it :)03:00
prologicand btw, pam isn't all that bad03:00
prologicI've had my fair share of pain with openldap + pam with utter failure in understanding how it all works and fits together03:01
prologicbut yeah it's required afaik for anything LDAP :)03:01
jaegerIn my opinion it would be similar to the multilib vs. pure64 thing. Maintaining one is better than maintaining two03:01
jaegerI'd like PAM to be default just for the extra features but in the end it isn't going to make or break03:01
prologicmaintaining one auth system that is?03:01
prologicahh yeap03:01
prologicwhat's our current auth system?03:02
prologicI tbh have no idea what it's called :)03:02
prologicI just thought they were files on the system :)03:02
jaegerWhich works fine but is limited in functionality03:02
prologicbut there is a shadow port/package :)03:02
prologickinda the sort of thing you take for granted really03:02
prologicwell yeah look03:02
prologicfor what it's worth03:02
prologicI'll +1 the whole pam integration03:02
prologicand swapout for shadow03:02
prologicwith a good default config, it's really not all that bad03:03
prologicwe'd probably want openldap in opt in that case then03:03
prologicif not already03:03
prologicwhich it is03:03
jaegerFor most users PAM would be a drop-in replacement, I think03:05
prologicit should be yeah03:05
prologicwhat we should do though too I think03:06
prologicis make sure we ship it with a config that's sane enough for most common ldap setups03:06
prologicI've been burned by this in the past03:06
prologici.e: get the config wrong03:06
jaegertry the ports and see what you think03:06
prologicand you log yourself out03:06
prologicyeah I will :)03:06
prologicI'll try to setup openldap  (via docker off) and another container with pam+openldap (client)03:06
prologicsee how it all pans out :)03:06
prologicare we shipping a good web, desktop guy, or curses ui for ldap management anywhere?03:07
jaegerNo idea, never used one03:07
prologicI've only used the ldap cli tools03:08
prologicand some web guy in the past -- cannot remember what it iwas03:08
jaegerIt's rare that I need to mess with LDAP itself but I just used CLI tools03:09
nomiusAre you guys using docker?03:10
prologicI think I used this in the past03:10
prologicI am yes03:11
prologicI'm maintaing Docker ports in contrib for CRUX03:11
prologici.e: fully Docker Daemon supported platform on CRUX03:11
prologicas well as maintaining a CRUX Docker Image on the Docker Public Registry called "crux"03:11
nomiusI've to admit that I never used it... Is it really nice?03:12
prologicihmo, yes03:12
nomiusHow big is the crux docker image?03:13
prologicAs big as a normal full crux instllation03:13
prologic$ docker images | grep crux03:13
prologicprologic/crux-python   latest              8f71e6d48237        2 weeks ago         693.4 MB03:13
prologicerr wrong one03:13
nomiusI really need to get into that thing...03:14
nomiusDoes it assign a new ip address to any container?03:14
prologic$ docker images | grep crux03:14
prologicprologic/crux-python   latest              8f71e6d48237        2 weeks ago         693.4 MB03:14
prologiccrux                   3.0                 c8490b8fd34c        4 weeks ago         339.7 MB03:14
prologiccrux                   latest              c8490b8fd34c        4 weeks ago         339.7 MB03:14
prologicyes it's all automatic :)03:14
prologicit *just works*03:14
prologicdocker run -i -t crux /bin/bash03:14
prologicfor example03:14
nomiusWhat about if you want graphics?03:15
prologicdocker run -i -t --privileged crux /bin/bash03:16
prologicprots -u03:16
prologicpet-get depicts xorg-server03:16
prologicI guess it would work :)03:16
nomiusReally awesome03:16
prologicnot really tried that yet03:16
prologicbut I plan to Dockerize my media center (mythtv) setup03:17
prologicinto split containers03:17
prologica --privileged one for Xorg+blackbox+mythfrontend+chome+terminal03:17
prologica mysql container for the mythtv backend03:17
prologicand a mythbacend container03:17
nomiusNice! :-D03:17
prologicand possibly a container to run up the au<->us proxy as well03:18
prologichopefully when I'm done it means I can upgrade individual parts of the whole system one at a time03:18
prologicand try to keep the system more-up-to-date03:18
prologicand even move things around to different hosts if I need to03:18
nomiusI just fixed a freaking weird issue with ktsuss03:23
*** __mavrick61 has quit IRC03:31
nomiusHey jaeger03:31
nomiusI finally moved myself to grub03:31
nomiusSo far it looks pretty nice03:32
nomiusI made a "simple" installer down here:
*** ___mavrick61 has joined #crux-devel03:32
nomiusI really like the default theme, black & white :-)03:32
prologicI'm still using lilo03:51
prologicand will likely continue to do so for the foreseeable furture03:51
nomiusYeah, but I need to support EFI :-)03:52
prologiclilo doesn't support EFI?04:56
prologicnot even lilo2?04:56
nomiuselilo does, but it's unmaintained04:56
prologicoh well04:57
nomiusI don't think there's a lilo204:58
nomiusYeap Romster, but elilo is unmaintained07:23
Romstercrap so it is07:26
Romsterand i hate grub2 its config is massive07:26
Romsterjaeger, since your nvidia update nwo i have files clashing from libvdpau not sure how i deal with that.07:43
*** deus_ex has joined #crux-devel10:12
*** mike_k has joined #crux-devel11:20
juejaeger: I've just applied patches for python and samba to build with readline 6.311:43
juejaeger: ok if I add a similar patch to parted? Upstream bugreport and fix is here ->
jueit turns out that the build problems I found with new readline are all caused by the use of deprecated functions11:46
jueafter all, with that in mind, I'd suggest to use new bash/readline for 3.1 ;)11:47
Romsternone if everything work and the patches are trivial.11:58
frinnstjue: go for it12:34
jaegerjue: no objections here13:43
jaegerRomster: uninstall vdpau or force overwrite if you need it in a hurry13:43
Romsteri forced overwrite but what's the best solution not use libvdpau when i use nvidia?13:49
jaegerSo far in my tests it makes no difference. So let one or the other overwrite for now and the files will be removed from nvidia later13:50
jaegerIf I get time for it today I'll do my last tests with xbmc and remove them after13:50
*** c0x has quit IRC13:56
*** deus_ex has quit IRC15:04
*** deus_ex has joined #crux-devel15:19
*** Amnesia has joined #crux-devel18:11
nomiusjaeger: will to share into crux-devel when there's a 3.1 iso to test?19:32
jaegeryeah, always do19:40

Generated by 2.11.0 by Marius Gedminas - find it at!