Re: (no subject)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



G'Day.  I am a newbie to the list, but just thought I'd take a stab at
this.  It sounds like you were having a problem gettingg a module to
mount devices prior to authentication.  (Obviously, I am not very
familiar with this pam_mount module, so I know I am treading on thin
ice here.)

It looks like you are forcing the pam_mount module to work as a 
session module, in which case, it would have to mount their drives in
the pam_sm_open_session.  That would require the mounting to occur in
the pam_sm_open_session, rather than the pam_sm_authenticate.  You
might try placing the 

 session  required       pam_mkdir.so
 session  required       pam_mount.so

as auth modules, instead, and see if it works.  Still, if the
authentication is good, and pam_ldap succeeds, you should get a shell,
reguardless of the users home directory being mounted or created.  Try
creating one users home directory and connecting.  If it still fails,
the problem may exist in your pam_ldap configuration.  So, just run a
couple of tests, and you should be able to determine exactly where the
problem occured.

(BTW: isn't a module that returns PAM_SUCCESS supposed to do something
in that function?  If not, it should return PAM_IGNORE, right?)

Joe Lewis, Systems Integrator

-------------------
> Hi,
> 
> I administrate a 800 computers network and the authentication is
based
> on a ldap server and the user's data are on a samba server.
> We have a directories called '/home/common', '/home/shares'... etc.
> Users don't have their own home directory, they are authenticated
using
> the pam_ldap module.
> 
> Our configuration file is the following
> auth     required       pam_nologin.so
> auth     required       pam_ldap.so
> auth     required       pam_mount.so use_firstpass
> account  required       pam_unix.so
> session  required       pam_unix.so
> session  required       pam_mkdir.so umask=0022
directory=/home/common
> session  required       pam_mkdir.so umask=0022
directory=/home/shares
> session  required       pam_mount.so
> 
> the module pam_mkdir is a module that I wrote for this purpose
(creating
> the directories, inspirated from pam_mkhomedir).
> When authenticating, the directories are created with good rights,
but
> shares are not mounted. Even if I put pam_mount after pam_mkdir.
> I walked into the source code of pam_mount and I saw that this
module
> mount the shares for the authentication and not for the session.
> 
> <code>
> PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
>                                    int argc, const char **argv)
> {
>         return PAM_SUCCESS;
> }
> </code>
> 
> Thus, session is useless for pam_mount.
> 
> So, I thought that put the directory creation in the auth step could
be
> a good idea.
> (
> auth  required       pam_mkdir.so umask=0022 directory=/home/common
> auth  required       pam_mkdir.so umask=0022 directory=/home/shares
> auth  required       pam_mount.so use_firstpass
> )
> 
> 
> But the login step doesn't success, do you have an idea ?
> 
> mine is that the pam_mount module should move its mount code from
auth
> to session, but the module is hard to maintain (the MakeFile is
badly
> written thus some includes are missing and we should add'em by
hand).
> 
> Do you know other modules than pam_mount to mount the SAMBA shares ?
> Can I miss something in my pam_mkdir code for auth which differs
from
> session (exepted for the proto the function struct pam_module that
I've
> change according to other source code using the auth process).
> 
> Is it allow to be able to create de directory through the auth
process ?
> (if so.. why does the pam_mount module is able to mount shares
here?)
> 
> 
> Thanks a lot,
> 
> 
> -- 
> Sébastien Tricaud <stricaud@mwsp.net>
> 
> 
> 
> _______________________________________________
> 
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> 



_______________________________________________

Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux