Am I the only one (apparently not, see below) who has been burned a couple of times by downloading and spending a lot of time compiling and installing a module only to find out that it is deprecated and has been replaced by a newer version which is located on somebody's obscure home page? Or at least the instructions for building and/or installing it are occult?
Recent examples discussed on this list: pam_mount vs. pam_mount pam_netgroups vs. pam_netgroups vs pam_netgroup pam_listfiles vs. pam_listfiles
I propose that pam.sourceforge.net become THE central site for PAM source and docs. If you have an improved version of pam_foo.so, commit it. If you have written a new pam_bar.so, add it. You say you finally got all the pam modules to build clean under Solaris _n? Post your notes in a forum, or better yet, commit your changes to the pam config files so nobody else has to figure this out...again. And use the pam-announce forum to let everybody else know about your contribution.
I'm not committed to SourceForge, it could be somewhere else. But it would be great if I could refer to one place for everything. I know *I* would use it.
And hey, in case I am clueless, and such a place already exists, could some kind soul please let me, and everybody on this list, and the folks over on pam.sourceforge.net know?
Comments? (Clues? :)
best regards,
--johnT John Taylor Cadence Design Systems, Inc. 200 Regency Forest Dr. Cary, NC 27511 USA +1 919 481 6835
Lukas Kubin wrote:
Thank you for the answer. But could you tell me what version we are talking about and where did yout get it from? I've tried 0.5.10-3 from debian and 0.5.11 compiled from original sources from http://www.flyn.org/projects/pam_mount/ Both have the "auth" module included in their README and both of them doesn't work without it. Ie. I can't place the pam_mount.so to "session" module only.
lukas
On Po, 2003-03-17 at 17:31, Joe Lewis wrote:
The problem with "old pam_mount" is that it is executed in the auth section. There is not a problem with the order you specified. When a user log's in, The authentication mechanism tries to mount the directory when the password is being verified. Unfortunately, the "old pam_mount" doesn't mount it during the session, after pam_mkhomedir is run, it occurs in the auth section, before the session is run, which means it will fail.
He's saying, use a different form of pam_mount that works with the session timing. Your order is correct, but the module itself was poorly designed.
Joe
Lukas Kubin wrote:
I don't understand your answer much. I need to know whether there is something bad with the order of modules as I wrote it. What is "old pam_mount" ? I am using 0.5.10-3 from Debian package and it doesn't work without being placed in the "auth" section (of course the placement doesn't give much sense to me too). Thank you.
lukas
On Po, 2003-03-17 at 09:56, Tony den Haan wrote:
On Mon, 17 Mar 2003, Lukas Kubin wrote:
I have troubles forcing pam_mkhomedir to create the user's home directory before pam_mount tries to mount a network drive to it. The order of modules in my "ssh" pam config is:
auth requisite pam_mount.so use_first_pass
session requisite pam_mount.so
logic suggests pam_mount is rather pointless in the "auth" section, and some searching shows that indeed the old pam_mount is badly written
_______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list
_______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list