[plug] making linux desktops consistent

Tue Apr 27 20:02:48 WST 2004

On Tue, 2004-04-27 at 19:15, raven at themaw.net wrote:

> > Depending on the programs being run, you'll need to make sure that only 
> > one copy of each user account is logged in at any one time, though. Some 
> > apps don't deal with this well.
> 
> That's not acceptable. Ditch the apps.

Tricky in this situation, as the apps in question include OO.o, Mozilla,
and Evolution. As we use thin client desktops, these apps are rather
important ;-)

Come to think of it, I suspect it includes GNOME and KDE, too (config
file changes can be lost, etc).

Personally, I'm not too bothered by a user being unable to be logged in
to a full GUI session from multiple terminals; it'd be nice, but that's
it. 

> I don't have that problem. Our Linux processing machines have 2 
> jobs running the same app (2 CPU machines). These machines would be useles 
> if they couldn't.

Indeed. My core server has 10 users, plus mail services, databases, etc
etc. Oddly enough, multiple tasks. We have a dual Xeon for a reason ;-)

I suspect you may have missed the point of my statement. I am saying
only that some applications - mostly X11-based GUI tools that keep
extensive local profile information - do not cope with having multiple
instances running under a single user account. With most of these apps,
it's not useful to run multiple instances anyway, unless you're doing so
on different displays. Unfortunately, the're not written to cope with
multiple instances on different displays or hosts, because of the way
they use their user profile info. Alternatives would probably require a
special profile access backend process to be spawned for all instances
to share, complex locking schemes, multiple profiles for different
displays, etc. None of those strike me as attractive, and I'm not
willing to volunteer the time and/or money to solve the problems, so I
don't make a big deal of it. 

I do wish they'd detect being run on a different machine or display and
inform the user in a slightly more useful way. Mozilla, at least, simply
complains about a locked profile - which while somewhat reasonable,
leaves the (sadly) average user going "what? huh?".

> Maybe you are saying you shouldn't have two machines accessing the same 
> data files at the same time.

Yup; in the case of many apps, this comes down to the same thing. It's
often possible to tell them to use an alternative profile, but it's
generally not considered useful for a user to get different bookmarks
etc depending on what machine they log in to.

> > I actually gave up on NIS in frustration and tried LDAP auth instead - 
> > with much success. If you use TLS, it's quite secure as well.
> 
> LDAP is much harder to administer but the security is much better. I agree 
> that LDAP is the approiate migration path from NIS.

I find LDAP great in admin terms, actually. pam_mkhomedir and
directory_administrator take 99% of the work out of handing user account
maintenance, and for the rest I use a few small scripts.

> However, you are doing something wrong if NIS doesn't work for you.

No doubt; I wasn't claiming that it doesn't work, only that I gave up in
frustration while trying to get it to work on my systems. Mostly due to
lack of understanding, no doubt, though it didn't help that I was trying
to finish work someone else had started and given up on. That said,
however, I found LDAP authentication trivial to set up in comparison,
despite the lack of documentation - as soon as I understood LDAP.

Craig Ringer