Enabling LDM_DIRECTX=True For Faster Sessions on Gutsy Server

[Philipp Hanselmann]

Hi Oli, Scott

I figured out, that with Feisty and the ldm (DM_DIRECT = True) version 
from Scott, gtksu isn't working on the thin clients, because  the ldm 
does not create an ${HOME}/.Xauthority file.

Now I did a couple of hacks to get this  working somehow... But I must 
say a get a really bad felling about this hacks ...

I had now couple of times the issue that a user can't login any more on 
the server until his .Xauthority file get deleted manually or he logs in 
on one off the thin clients which solves also the issue ...

Like I don't have more time to play around with this (1 week left for 
final customizing), maybe I just deactivate xauth/.Xauthority?
Like our server has Shorewall, we don't need this X11 feature ...

I haven't tested this up to know with Gusty...

Philipp

Philipp Hanselmann wrote:
> Hi
>
> Meanwhile I found a solution for this issue ...
>
>
> The issue is related with the .Xauthority file doesn't get generated by
> the display manager (ldm) during a user login with the setting
> LDM_DIRECT = True.
> I was reading some documentation about xauth mechanisms and there I was
> reading that a display manager is supposed to generate and .Xauthority
> during a  user login.
>
> I figure out that when I copy as root the xauth file to the home folder
> (cp -f '/var/lib/gdm/:0.Xauth' /home/user/.Xauthority ) than the gksu,
> gksudo is working normally with this user on the thin clients.
>
> To automate this I added a X11 login script to the /etc/X11/Xsession.d/
> folder, as name I choosed 81-fix-xauth.
>
>    if [ -e '/var/lib/gdm/:0.Xauth']
>        cp -f '/var/lib/gdm/:0.Xauth' $HOME/.Xauthority || true
>    fi
>
> But, than I noticed, that normal user doesn't have read permission to
> the /var/lib/gdm folder, and even to change it to read wouldn't help
> like these folder
> permissions get corrected during the starting phase of gdm (server
> display manager)
>
> What I did now, I just added this line to /etc/init.d/gdm somewhere
> behind the "daemon start line"
> chmod 775 /var/lib/gdm
>
> Since than the issue are gone ...
>
> Sorry Scott  for this hack, but I was trying a couple of other ways, but
> I was finally the only one, which was working for us up to now
>
> Philipp
>
>
>
> Philipp Hanselmann wrote:
>> Hi
>>
>> I tested this again, its only happen with LDM_DIRECT = True, 
>> otherwise gksudo/gksu is working on the thin clients.
>>
>> May this is in connection with the DISPLAY variable during a client 
>> login, which is different with deactivated encryption (LDM_DIRECT = 
>> True).
>>
>> with LDM_DIRECT=true
>> echo $DISPLAY         192.168.0.249:6.0
>>
>> otherwise (without this option)
>> echo $DISPLAY         localhost:11:0
>>
>>
>> Can somebody help ?
>>
>> Philipp
>>
>>
>> Philipp Hanselmann wrote:
>>  
>>> Hi
>>>
>>> On 2 Feisty installations up to now, I figured out that programs 
>>> witch needs be started with gksu or gksudo, works only on the server.
>>>
>>> When I am using for example synaptic on a thin client I only get 
>>> this error message:
>>>
>>>    "Failed to run synaptic as root. Unable to copy Xauthorization file"
>>>
>>> If am running the same from the console, like this:
>>>
>>> $ gksu synaptic
>>>
>>> I get additional this line:
>>>
>>>    "Error copying: /home/teacher/.Xautority to /tmp/libgksu-doX No 
>>> such file or directory"
>>>
>>> The same is happening with the command gksudo.
>>>
>>> Now I figured out, that really the .Xautority file in the home 
>>> folder is missing. Like I understand, this file is getting created 
>>> during a user login automatically. This happen at least during a 
>>> login with the same user on the server.
>>>
>>> One way is to get it working is this:
>>>
>>> 1.) ON THE SERVER: login with the user teacher
>>> 2.) ON THE SERVER: cp .Xautority .Xautority.org
>>> 3.) ON THE SERVER: logout
>>>
>>> 4.) ON A CLIENT:  login with the user teacher
>>> 5.) ON A CLIENT:  cp .Xautority.org .Xautority
>>> 6.) ON A CLIENT:  gksu synaptic
>>>
>>> On other way is just to use kdesu instead of gksu.
>>>
>>>
>>> $ kdesu synaptic
>>>
>>> that is on the screen:
>>>  
>>> <snip>
>>> xauth: creating new athoirty file /home/teacher/.Xauthority
>>> kdesu (kdelibs): WARINING: No authentication info set for display 
>>> 192.168.0.250:6.0
>>> </snip>
>>>
>>> kdesu is able to create the .Xautority file, and finally I get 
>>> synaptic as root.
>>>
>>> Does somebody know a solution for this except to use kdesu.
>>> May this is imported, I am using  LDM_DIRECT = True in lts.conf 
>>> together with a updated ldm script.
>>>
>>>
>>> Thanks
>>>
>>> Philipp
>>>
>>>

Oliver Grawert wrote:
> hi,
> Am Mittwoch, den 07.11.2007, 10:15 -1000 schrieb R. Scott Belford:
>   
>> Aloha
>>
>> On Edubuntu Gutsy LTSP server, is the only step to deactivate ssh (once 
>> authenticated) to add
>>
>> LDM_DIRECTX=True
>>
>> to /var/lib/tftpboot/ltsp/i386/lts.conf
>>     
> that should suffice ....
> check what your DISPLAY variable is set to if youre logged in ...
> ssh connections will point to the ssh proxy which usually listens on
> localhost:11 ... if DISPLAY shows the ip of the client (usually
> <IP>:6.0) your X is forwarded without encryption.
>
> ciao
> 	oli
>   
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition. 
> Version: 7.5.486 / Virus Database: 269.15.20/1108 - Release Date: 03.11.2007 21:42
>   



-- 
SchoolNet NA - Youth Empowerment through Information and Communication Technology

SchoolNet Namibia provides sustainable, low cost technology solutions and internet access, as well as technical support, training services and rich educational content to schools, community-based educational organisations, and educational practitioners throughout Namibia.

www.schoolnet.na

toll free number: 0800 005793

Philipp Hanselmann
philipp at schoolnet.na
tel  +264 (0)66 267134
fax +264 (0)66 267135
cell  +264 (0)85 5611314