It turns out I was using an old version of sshd that came with RH. OpenSSH 3.9x works without problems when using pam_mkhomedir. Permissions no longer have to be 777. Thanks to all that replied! On Thu, 2004-10-14 at 10:46 +1000, Darren Tucker wrote: > Thorsten Kukuk wrote: > > On Wed, Oct 13, Joey Trungale wrote: > >>I have sshd using pam_mkhomedir to create home directories as users are > >>authenticated with pam_winbind. The home directory setup > >>is /home/NT_DOMAIN/username. The only problem with this is that > >>NT_DOMAIN must be 777 in order for pam to be able to create the users > >>directory in it. I'm guessing this is because pam drops privs before it > >>gets to this point...maybe it's run as the user. [...] > > > Has nothing to do with PAM, is a typical sshd problem. > > Correction: it *was* a typical (OpenSSH) sshd problem. Recent versions > (>3.7x) will run pam_session and pam_setcred as root even with > UsePrivilegeSeparation=yes. > > We've been working to improve the PAM support in OpenSSH. If you've got > a module that doesn't work with (the current version of) OpenSSH, please > report it. I don't guarantee it will be made to work, but I do promise > to look at it. > > OpenSSH's PAM support will never be perfect (because of the mismatches > between the SSH protocol and the PAM API, and because it's harder to do > PAM in a privilege separated environment like OpenSSH) but it can be > improved. > _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list