Re: Order of executing modules

On Mon 17/03/2003 at 09:23, Lukas Kubin wrote:
> I have trouble forcing pam_mkhomedir to create the user's home
> directory before pam_mount tries to mount a network drive to it. The
> order of modules in my "ssh" pam config is:
> 
> auth       required     pam_nologin.so
> auth       required     pam_env.so
> auth       sufficient   pam_unix.so
> auth       required     pam_ldap.so    use_first_pass
> auth       requisite    pam_mount.so   use_first_pass
> 
> account    sufficient   pam_unix.so
> account    required     pam_ldap.so
> 
> session    required     pam_mkhomedir.so umask=077
> session    sufficient   pam_unix.so
> session    required     pam_ldap.so
> session    requisite    pam_mount.so
> session    required     pam_limits.so
> 
> The problem is it first tries to mount the network drive using
> pam_mount.so (which fails because of non-existing mountpoint) and then
> the pam_mkhomedir creates the directory. So this try to authenticate
> fails. Next time the user tries to log in, the directory is available
> and he/she gets through. But I, of course, need it to succeed on the first
> try.
> Could someone help me, please?
> Thank you.

Yes,
I had *exactly* the same problem.

pam_mount doesn't respect the standard which says that you _must_ put
system commands and stuff in the pam_sm_open_session() function.
In order to fix this problem, it was faster and easier to force
pam_mkhomedir to not respect the standard too :(
I didn't have enough time to hack pam_mount, even if I was interested in
doing so.
I heard that the newest versions don't mount the remote volumes in the auth
part but in session, but I'm not sure, it's only something I heard.

If you are interested in this module (pam_mkhomedir with my hack to work
in the auth side -sic-) I can send the sources to you.
Otherwise, if you are able to look into the code (it is not very
difficult, trust me :), just do it.
Or the best of the best, if you have time to look into the latest
version of the module, check whether it can handle session for
mounting volumes or, if it has still not been done, and you have the
skills and time for that, just hack it.

Happy hacking,


-- 
Sébastien Tricaud <stricaud@xxxxxxxx>



_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list
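
The ordering problem discussed in this thread, as an added example that is not part of the original messages: it parses the quoted "ssh" config and lists the modules in the order they are reached. It assumes the application runs the auth, account and session stacks in that order and that pam_mount mounts when reached in the auth stack, as the reply says; control flags are not simulated and the function names are hypothetical.

```python
# Added example: phase order, not file order, decides which module runs first.
# Assumption: the application drives the stacks auth -> account -> session;
# control flags (sufficient, requisite, ...) are parsed but not simulated.
PHASES = ("auth", "account", "session")

# The "ssh" PAM config quoted in the message above.
SSH_PAM = """\
auth       required     pam_nologin.so
auth       required     pam_env.so
auth       sufficient   pam_unix.so
auth       required     pam_ldap.so    use_first_pass
auth       requisite    pam_mount.so   use_first_pass
account    sufficient   pam_unix.so
account    required     pam_ldap.so
session    required     pam_mkhomedir.so umask=077
session    sufficient   pam_unix.so
session    required     pam_ldap.so
session    requisite    pam_mount.so
session    required     pam_limits.so
"""

def parse(text):
    """Return [(type, control, module, args)] for every rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] in PHASES + ("password",):
            rules.append((fields[0], fields[1], fields[2], fields[3:]))
    return rules

def call_order(rules):
    """Modules in the order they are reached: by phase, then by file order."""
    return [(t, m) for phase in PHASES for (t, _c, m, _a) in rules if t == phase]

def first_call(order, module):
    """Index of the first time `module` is reached, or None if it never is."""
    return next((i for i, (_t, m) in enumerate(order) if m == module), None)

def runs_before(rules, consumer, provider):
    """True if `consumer` is first reached before `provider`."""
    order = call_order(rules)
    c, p = first_call(order, consumer), first_call(order, provider)
    return c is not None and p is not None and c < p

if __name__ == "__main__":
    rules = parse(SSH_PAM)
    for i, (phase, module) in enumerate(call_order(rules)):
        print(f"{i:2d} {phase:8s} {module}")
    print("pam_mount reached before pam_mkhomedir:",
          runs_before(rules, "pam_mount.so", "pam_mkhomedir.so"))
```

Moving the session lines to the top of the file gives the same result, because only the order within each stack type follows the file.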
