Custom Query (1145 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (301 - 303 of 1145)

Ticket Resolution Summary Owner Reporter
#492 fixed Coordinate with ops to get report of bitrotting machines jdreed jdreed

Reported by jdreed, 15 years ago.

Description

We have decided not to have anything other than -cluster upgrade between releases automatically. Other metapackage users should get whined at by Ubuntu about new versions through the normal methods (Synaptic, etc). However, there are likely to be un-upgraded machines.

We should coordinate with ops to provide an easily-runnable report that they can run 2-3x per year that gets us hostnames of machines that are running "old" releases. This requires a change to counterlog (see #491) to be in place before we can start generating these reports.

#495 fixed The new ssh/ticket delegation user experience is terrible jdreed

Reported by jdreed, 15 years ago.

Description

The combination of the fact that GSSAPIDelegateCredentials is not set on clients and that Debathena's sshd accepts non-delegated credentials is making for a terrible user experience on the dialups. (Whether or not the users *need* to be using the dialups is beside the point.)

In the long term, we would modify the patch to sshd on the old dialups, and upstream it, so that this was a configurable option in sshd_config, but that doesn't help us in the short term.

We added a warning, but no one reads it, and it doesn't help with SFTP connections.

Possibly short term solutions:

  • Patch sshd on the dialups to restore the old functionality (mmanley is looking into this)
  • Configure the dialups to run renew on the user's behalf if there are no tickets (this feels like a MitM attack, and will also break non-interactive sessions, or anything using expect(1), and possibly also break other things we haven't thought of)
  • Configure ssh_config on Debathena to delegate to the dialups (we rejected this before based on security concerns, and also because having host-specific behavior might be more confusing)
  • Configure the dialups to log you off (with a detailed error message) if you don't have tickets. Frankly, there's no need for anyone to be logged into athena.dialup without tickets/tokens. Anyone who actively _wants_ that situation almost certainly has access to another machine. Or Linerva.
#499 fixed attach man page should reflect reality jdreed jdreed

Reported by jdreed, 15 years ago.

Description

Despite #227, we should update the man page to note that the majority of the command line options no longer work. (Like, -n -e for example)

Note: See TracQuery for help on using queries.