On Tue, Dec 09, 2003 at 10:34:04AM +0500, Sergey wrote:
> Hi all!
> I have
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0066
> Then
> bash-2.05b$ ssh apex -ltest
> test@xxxxxxxxxxxxxx's password:
> Connection to apex.csu.ac.ru closed by remote host.
> Connection to apex.csu.ac.ru closed.
>
> At auth.log:
> Dec 9 10:27:36 apex sshd[28124]: Accepted password for test from
> ::ffff:192.168.86.34 port 37418 ssh2
> Dec 9 10:27:36 apex PAM-mkhomedir[17654]: unable to create directory
> /home/test
> Dec 9 10:27:36 apex ssh(pam_unix)[17654]: session opened for user test
> by (uid=1201)
> Dec 9 10:27:36 apex sshd[17654]: fatal: PAM session setup failed[6]:
> Permission denied
>
> What should I fix to enable user to login?

recent ssh versions added PrivilegeSeparation, this also causes pam
sessions to be run as the user, instead of as root, thus pam_mkhomedir
lacks any permission to do things like create home directories.

you can either disable PrivilegeSeparation and reduce sshd security,
or rewrite pam-mkhomedir to use a setuid helper.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
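A log check for the failure discussed in this thread, as an added example that is not part of the original messages: it groups auth.log lines by PID and flags a pam_mkhomedir failure that occurs in a session whose pam_unix line reports a non-root uid. The sample log is constructed (the quoted excerpt with wrapped lines rejoined, plus two made-up lines for a root-run session), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the excerpt quoted above (unwrapped) plus a made-up
# session for "alice" that runs with uid=0 for contrast.
SAMPLE_LOG = """\
Dec 9 10:27:36 apex sshd[28124]: Accepted password for test from ::ffff:192.168.86.34 port 37418 ssh2
Dec 9 10:27:36 apex PAM-mkhomedir[17654]: unable to create directory /home/test
Dec 9 10:27:36 apex ssh(pam_unix)[17654]: session opened for user test by (uid=1201)
Dec 9 10:27:36 apex sshd[17654]: fatal: PAM session setup failed[6]: Permission denied
Dec 9 10:31:02 apex sshd[28300]: Accepted password for alice from ::ffff:192.168.86.40 port 40112 ssh2
Dec 9 10:31:02 apex ssh(pam_unix)[28300]: session opened for user alice by (uid=0)
"""

# syslog line: "<Mon> <day> <time> <host> <tag>[<pid>]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<tag>[^\[]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
MKHOME = re.compile(r"unable to create directory (?P<path>\S+)")
SESSION = re.compile(r"session opened for user (?P<user>\S+) by \S*\(uid=(?P<uid>\d+)\)")
FATAL = re.compile(r"fatal: PAM session setup failed")


def find_unprivileged_mkhomedir_failures(log_text):
    """Return one record per PID where pam_mkhomedir failed in a non-root session."""
    by_pid = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec, msg = by_pid[m["pid"]], m["msg"]
        if m["tag"] == "PAM-mkhomedir" and (hit := MKHOME.search(msg)):
            rec["path"] = hit["path"]
        elif "pam_unix" in m["tag"] and (hit := SESSION.search(msg)):
            # pam_unix logs the uid of the process that opened the session;
            # a non-zero value means the session stack did not run as root.
            rec["user"], rec["uid"] = hit["user"], int(hit["uid"])
        elif FATAL.search(msg):
            rec["fatal"] = True
    return [
        {"pid": int(pid), **rec}
        for pid, rec in by_pid.items()
        if "path" in rec and rec.get("uid", 0) != 0
    ]


if __name__ == "__main__":
    for finding in find_unprivileged_mkhomedir_failures(SAMPLE_LOG):
        print(finding)
```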