LDAPAccountManager/lam/docs/README.lamdaemon.pl

lamdaemon.pl is used to modify quota and homedirs
on a remote or local host via ssh.
If you want wo use it you have to set up many
thins to get it work.

1. Set values in LDAP Account manager
   * Set the remote or local host in the configuration
    (e.g. 127.0.0.1)
   * Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl  


2. Set up sudo
   The perlskript has to run as root (very ugly I know but
   I haven't found any other solution). Therefor we need
   a wrapper, sudo.
   Edit /etc/sudoers on host homedirs or quotas should be used
   and add the following line:
   $admin All= NOPASSWD: $path
   $admin is the adminuser from lam and $path
   is the path include the filename of lamdaemon.pl
   e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl
   At the moment the password is a paramteter of lamdaemon.pl
   Therefore you should disable logging so the password doesn't
   apear in any logfile
   This can be done by adding the following line:
   Defaults:$admin !syslog
   
3. Set up perl
   We need some external perl-modules, Quota and Net::SSH::Perl
   Th install them, run:
   perl -MCPAN -e shell
   install Quota
   install Net::SSH::Perl
   Please answer all questions to describe your system
   Every additional needed module should be installed
   automaticly
   LDAP isn't used by lamdaemon.pl anymore 

   I installed Math::Pari, a needed module, by hand.
   I had many problems to install Math::Pari, a module needed
   by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case).
   I found the following solution to prevent this bug:
   * Download and untar pari (http://www.parigp-home.de)
   * Download and untar Math::Pari
   * run perl Makefile.PL
   * edit Makefile and libPARI/Makefile
     Replace line "OPTIMIZE = -O3 --pipe" with
     "OPTIMIZE = -O1 --pipe".
   * run make
   * run make install

4. Set up ssh
   On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config
   to get lamdaemon.pl work
   I had some problems to log in with ssh if the password hash of the
   admin-user was encrypted with {SSHA}. I had to change encryption
   for admin-accounts to {CRYPT} to get ssh work.
   
5. Test lamdaemon.pl
   I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl
   with the following attributes to test it:
   lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
   $ssh-server is the remote host lamdaemon.pl should be run
   $lam_path_on_host is the path to lamdaemon.pl on remote host
   $admin-username is the name of the user which is allowed to run lamdaemon.pl
                   as root. It's the same user in /etc/sudoers
   $admin-password is the password of admin-user
   *test is the command which tells lamdaemon.pl to test settings
   
   You have to run the coammd as the user your webserver is running as, e.g.

   wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
     127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test

   You should get the following response:
     Net::SSH::Perl successfully installed.
     sudo set up correctly.
     Perl quota module successfully installed.
     If you have'nt seen any error lamdaemon.pl should set up successfully.
   
Now everything should work fine

This is a very incomplete Documention for Beta-Release only.
Pleas send a mail to TiloLutz@gmx.de if you have any suggsestion
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`lamdaemon.pl is used to modify quota and homedirs`
			`on a remote or local host via ssh.`
			`If you want wo use it you have to set up many`
			`thins to get it work.`

			`1. Set values in LDAP Account manager`
			`* Set the remote or local host in the configuration`
			`(e.g. 127.0.0.1)`
Fixed serveral things in lamdaemon. objectClasses are now checked Removed small bug when DN has to be changed 2003-08-12 19:45:24 +00:00			`* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl`

Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00
no options in lamdaemon.pl anymore 2003-09-20 13:59:13 +00:00			`2. Set up sudo`
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`The perlskript has to run as root (very ugly I know but`
			`I haven't found any other solution). Therefor we need`
			`a wrapper, sudo.`
Fixed serveral things in lamdaemon. objectClasses are now checked Removed small bug when DN has to be changed 2003-08-12 19:45:24 +00:00			`Edit /etc/sudoers on host homedirs or quotas should be used`
			`and add the following line:`
Modified lamdaemon.pl Don't run ssh as wwwrun anymore. Is was unsecure because apache needed an authorized key to log in without password. ssh-connection is now done as user logged in as admin. 2003-08-11 21:09:17 +00:00			`$admin All= NOPASSWD: $path`
			`$admin is the adminuser from lam and $path`
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`is the path include the filename of lamdaemon.pl`
Modified lamdaemon.pl Don't run ssh as wwwrun anymore. Is was unsecure because apache needed an authorized key to log in without password. ssh-connection is now done as user logged in as admin. 2003-08-11 21:09:17 +00:00			`e.g. $admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl`
added security-note in README.lamdaemon.pl 2003-08-28 18:53:46 +00:00			`At the moment the password is a paramteter of lamdaemon.pl`
			`Therefore you should disable logging so the password doesn't`
			`apear in any logfile`
			`This can be done by adding the following line:`
fixed readme modified pdf.inc corrected unix expiredate & shell 2003-08-29 11:21:02 +00:00			`Defaults:$admin !syslog`
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00
no options in lamdaemon.pl anymore 2003-09-20 13:59:13 +00:00			`3. Set up perl`
			`We need some external perl-modules, Quota and Net::SSH::Perl`
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`Th install them, run:`
			`perl -MCPAN -e shell`
			`install Quota`
Fixed serveral things in lamdaemon. objectClasses are now checked Removed small bug when DN has to be changed 2003-08-12 19:45:24 +00:00			`install Net::SSH::Perl`
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`Please answer all questions to describe your system`
			`Every additional needed module should be installed`
			`automaticly`
no options in lamdaemon.pl anymore 2003-09-20 13:59:13 +00:00			`LDAP isn't used by lamdaemon.pl anymore`
* empty log message * 2003-05-13 11:59:17 +00:00
Fixed serveral things in lamdaemon. objectClasses are now checked Removed small bug when DN has to be changed 2003-08-12 19:45:24 +00:00			`I installed Math::Pari, a needed module, by hand.`
			`I had many problems to install Math::Pari, a module needed`
			`by Net:SSH::Perl. The reason is a bug in gcc 3.3 (In my case).`
			`I found the following solution to prevent this bug:`
			`* Download and untar pari (http://www.parigp-home.de)`
			`* Download and untar Math::Pari`
			`* run perl Makefile.PL`
			`* edit Makefile and libPARI/Makefile`
			`Replace line "OPTIMIZE = -O3 --pipe" with`
			`"OPTIMIZE = -O1 --pipe".`
			`* run make`
			`* run make install`
no options in lamdaemon.pl anymore 2003-09-20 13:59:13 +00:00
* empty log message * 2003-10-23 11:12:04 +00:00			`4. Set up ssh`
			`On my System, Suse 9.0 I had to set usePAM no in /etc/ssh/sshd_config`
			`to get lamdaemon.pl work`
			`I had some problems to log in with ssh if the password hash of the`
			`admin-user was encrypted with {SSHA}. I had to change encryption`
			`for admin-accounts to {CRYPT} to get ssh work.`

added test-function in landaemon.pl 2003-10-23 18:25:55 +00:00			`5. Test lamdaemon.pl`
			`I've installed a test-function in lamdaemon.pl. Please run lamdaemon.pl`
			`with the following attributes to test it:`
			`lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test`
			`$ssh-server is the remote host lamdaemon.pl should be run`
			`$lam_path_on_host is the path to lamdaemon.pl on remote host`
			`$admin-username is the name of the user which is allowed to run lamdaemon.pl`
			`as root. It's the same user in /etc/sudoers`
			`$admin-password is the password of admin-user`
			`*test is the command which tells lamdaemon.pl to test settings`

			`You have to run the coammd as the user your webserver is running as, e.g.`

			`wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \`
			`127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl root secret *test`

			`You should get the following response:`
			`Net::SSH::Perl successfully installed.`
			`sudo set up correctly.`
			`Perl quota module successfully installed.`
			`If you have'nt seen any error lamdaemon.pl should set up successfully.`

Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`Now everything should work fine`

added test-function in landaemon.pl 2003-10-23 18:25:55 +00:00			`This is a very incomplete Documention for Beta-Release only.`
Added very short README to lamdaemon.pl 2003-05-13 11:57:50 +00:00			`Pleas send a mail to TiloLutz@gmx.de if you have any suggsestion`