RoboLab VLAB server

From techdocs
Revision as of 10:46, 27 June 2023 by Plinich (→ Creating a local account to use with zID)

Starting from a Desktop install of Ubuntu 20.04:

Set up XDM as the display manager (the program that displays the login screen)

apt-get install xdm

When prompted by apt-get's post-install step, configure XDM to start as the default display manager (instead of lightdm or any other display manager).

Edit /etc/X11/xdm/Xservers:
Comment out the line for display ":0..."

Edit /etc/X11/xdm/xdm-config:
Comment out: "DisplayManager.requestPort: 0"

Edit /etc/X11/xdm/Xaccess:
Allow all hosts (uncomment the appropriate line; this would be better restricted to allow 127.0.0.1 only)

Note 1: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB.

Note 2: you may have to reboot after installing XDM to clean out leftover processes and configuration from the original display manager.
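
The three file edits above can be checked with a small audit function, which also flags the wildcard Xaccess entry that the step above says could be better targeted. This is an added example, not part of the original page; the function name audit_xdm, its exit codes and the sample file contents are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of the original page.
# audit_xdm [DIR]: DIR defaults to /etc/X11/xdm.
# Returns 0 = steps applied and Xaccess restricted, 1 = a step is missing,
#         2 = steps applied but Xaccess still allows every host.
audit_xdm() {
    local dir="${1:-/etc/X11/xdm}" todo=0 warn=0 f hosts
    for f in Xservers xdm-config Xaccess; do
        [ -r "$dir/$f" ] || { echo "TODO $f: not readable in $dir"; return 1; }
    done
    # Xservers ('#' comments): an active ":0 ..." line means XDM still
    # manages the local display.
    if grep -Eq '^[[:space:]]*:0([[:space:]]|$)' "$dir/Xservers"; then
        echo "TODO Xservers: display :0 is not commented out"; todo=1
    fi
    # xdm-config ('!' comments): an active requestPort of 0 stops XDM from
    # listening for XDMCP requests.
    if grep -Eq '^[[:space:]]*DisplayManager[.*]requestPort:[[:space:]]*0[[:space:]]*$' "$dir/xdm-config"; then
        echo "TODO xdm-config: DisplayManager.requestPort: 0 is still active"; todo=1
    fi
    # Xaccess: strip comments, keep single-field entries (direct queries),
    # skip %macro definitions and !exclusions.
    hosts=$(awk '{ sub(/#.*/, "") } NF == 1 && $1 !~ /^[%!]/ { print $1 }' "$dir/Xaccess")
    if [ -z "$hosts" ]; then
        echo "TODO Xaccess: no host is allowed to query XDM"; todo=1
    elif printf '%s\n' "$hosts" | grep -Fxq '*'; then
        echo "WARN Xaccess: '*' lets any host request a login window"; warn=1
    fi
    [ "$todo" -eq 1 ] && return 1
    [ "$warn" -eq 1 ] && return 2
    return 0
}

# Constructed sample files, as they would look after the steps above.
demo=$(mktemp -d)
printf '#:0 local /usr/bin/X :0 vt7 -nolisten tcp\n' > "$demo/Xservers"
printf '!DisplayManager.requestPort: 0\n' > "$demo/xdm-config"
printf '*\t#any host can get a login window\n' > "$demo/Xaccess"
audit_xdm "$demo" || echo "exit status: $?"
rm -rf "$demo"
```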

Install TigerVNC server

  1. Go to www.tigervnc.org and navigate to the download pages
  2. Download tigervnc-1.13.1.x86_64.tar.gz
  3. Untar into /usr/local
  4. Create a symlink to tigervnc in the same directory

Install xvncrunner

xvncrunner is an eternal, systemd-managed service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances with appropriate command-line parameters to suit the individual incoming connections.

apt-get install tcl tcl-thread

Copy from New World:

  • /etc/systemd/system/xvncrunner.service
  • /usr/local/infrastructure/vlab/xvncrunner(|.sh)

Make it go:

systemctl daemon-reload
systemctl enable xvncrunner
systemctl start xvncrunner

Install xfce4

apt-get install xfce4

Set up a user .xsession file to start xfce4-session (chmod 755)

Setting up Kerberos for zID/zPass authentication

Note: Kerberos is solely for authentication (checking that zID/zPass are correct). This has nothing to do with the account or home directory of the user. See below for creating an account on the server which can be used with Kerberos authentication.

apt-get install krb5-user

Answer for "Default Kerberos realm" is "AD.UNSW.EDU.AU". Must be upper-case and without double quotes.

Add to [realms] in /etc/krb5.conf:

AD.UNSW.EDU.AU = {
    kdc = ad.unsw.edu.au
}

Test with kinit, klist and kdestroy:

root@robolab-test:/home/csg# kinit <zID>
Password for <zID>@AD.UNSW.EDU.AU: 
root@robolab-test:/home/csg# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <zID>@AD.UNSW.EDU.AU 

Valid starting     Expires            Service principal
27/06/23 10:08:17  27/06/23 20:08:17  krbtgt/AD.UNSW.EDU.AU@AD.UNSW.EDU.AU
	renew until 28/06/23 10:08:13
root@robolab-test:/home/csg# kdestroy
root@robolab-test:/home/csg#

Tying in to PAM (pluggable authentication modules)

apt-get install libpam-krb5

Creating a local account to use with zID

root@robolab-test:~# useradd <zID>
root@robolab-test:~# mkdir /home/<zID>
root@robolab-test:~# chown <zID>:<zID> /home/<zID>

Note: Can probably pass "-m" to useradd and it'll create the home directory itself.

Create /home/<zID>/.xsession owned by user <zID> and with permissions 0755:

#!/bin/bash
exec /usr/bin/xfce4-session

Note: Can probably modify the contents of /etc/skel so the .xsession file is created automatically.

Notes

For Peter. Other folk can ignore:

  • systemctl set-default graphical
  • systemctl set-default multi-user