Hi Murray, > Hi Wilhelm, > > The pam_mount module seemed to work alright but I wanted to use it with > ssh but there is an outstanding bug with ssh that prevents me doing that > - some problem to do with ssh privlege separation and the userid / > passwords not been passed from pam_unix to pam_mount I will be > interested to see if your module works in that case. please let me be informed about your results. > > Another thing is that I was wondering why you needed to create this > module. Will it offer anything that pam_mount doesn't - pam_mount seems > more general purpose. No offense but it seems like re-inventing the This is to some extent correct. But you have to consider the following: in our environment we have a great number of Windows-Clients and a growing number of GNU/Linux-clients or GNU/Linux-servers together with an Active-Directory as the central identity repository and CIFS-fileservers (Windows, moving to Samba). All authentication/authorization is done via LDAP on the AD. This works very well for all sorts of clients. The only thing we were missing, was setting the correct GID with pam_mount for CIFS-mounts via mount.cifs for Linux-clients. Therefore I wrote a patch for pam_mount to include the GID-setting part. Experimenting further with pam_mount, I found it sometimes unreliable in the case of unmounting the shares. Due to the structure of pam_mount, I found it simpler to write another pam-module with a different architecture (pam-module in combination with a daemon) than modifying pam_mount. > wheel to me. BTW, I saw recently that the pam_mount maintainer is > looking for someone else to take over maintenance of it. Well, I think about it. > > Regards > > Murray > > > Hello everybody, > > > > I wrote a simple Linux-PAM module named pam_cifs which is of special > > interest to all linux-cifs-client users: > > > > http://sourceforge.net/projects/pam-cifs > > > > pam_cifs is responsible for mounting cifs-shares on login of users to the > > system. It is really usefull in combination with pam_ldap and nss_ldap. > > The unmounting of cifs-shares is done via a little daemon, to ensure, > > that the filesystem isn't in use anymore. > > > > This is a very (!) early state of this project (currently version 0.4), > > but it works. Compared to pam_mount this module is much, much simpler and > > has a different architecture and its limitations. > > > > Kind regards, > > > > Wilhelm Meier > > email: meier@xxxxxxxxxxxxxxxxxxx > > _______________________________________________ > > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- -- Wilhelm Meier email: meier@xxxxxxxxxxxxxxxxxxx _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
