RoboLab VLAB server
Starting from a Desktop install of Ubuntu 20.04:
Setup XDM as the display manager (the program that displays the login screen)
apt-get install xdm
When prompted as by apt-get's post-install, configure XDM to start as default (instead of lightdm, or any other display managers)
Edit /etc/X11/xdm/Xservers:
Comment out the line for display ":0..."
Edit /etc/X11/xdm/xdm-config:
Comment out: "DisplayManager.requestPort: 0"
Edit /etc/X11/xdm/Xaccess:
Allow all hosts (uncomment-out appropriate line, though this could be better targeted to allow 127.0.0.1 only)
Note 1: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB.
Note 2: may have to reboot after installing XDM to clean out leftover processes and configurations from the original display manager.
Install TigerVNC server
- Go to www.tigervnc.org navigate to the download pages
- Download
tigervnc-1.13.1.x86_64.tar.gz - Untar into
/usr/local - Create symlink to
tigervncin same directory
Install xvncrunner
xvncrunner is an eternal, systemd-managed service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances with appropriate command-line parameters to suit the individual incoming connections.
apt-get install tcl tcl-thread
Copy from New World:
/etc/systemd/system/xvncrunner.service/usr/local/infrastructure/vlab/xvncrunner(|.sh)
Make it go:
systemctl daemon-reload systemctl enable xvncrunner systemctl start xvncrunner
Install xfce4
apt-get install xfce4
Set up a user .xsession file to start xfce4-session (chmod 755)
Setting up Kerberos for zID/zPass authentication
Note: Kerberos is solely for authentication (checking that zID/zPass are correct). This has nothing to do with the account or home directory of the user. See below for creating an account on the server which can be used with Kerberos authentication.
apt-get install krb5-user
Answer for "Default Kerberos realm" is "AD.UNSW.EDU.AU". Must be upper-case and without double quotes.
Add to [realms] in /etc/krb5.conf:
AD.UNSW.EDU.AU = {
kdc = ad.unsw.edu.au
}
Test with kinit, klist and kdestroy:
root@robolab-test:/home/csg# kinit z9702847 Password for z9702847@AD.UNSW.EDU.AU: root@robolab-test:/home/csg# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: z9702847@AD.UNSW.EDU.AU Valid starting Expires Service principal 27/06/23 10:08:17 27/06/23 20:08:17 krbtgt/AD.UNSW.EDU.AU@AD.UNSW.EDU.AU renew until 28/06/23 10:08:13 root@robolab-test:/home/csg# kdestroy root@robolab-test:/home/csg#
Tying in to PAM (pluggable authentication modules)
apt-get install libpam-krb5
Creating a local account to use with zID
Notes
Ignore:
systemctl set-default graphicalsystemctl set-default multi-user