Hi,
I've been trying to configure PAM for my needs all day now, but I can't
get it right.
I have an LDAP server which contains the user login information for my
users. This server also serves the home directories using NFS.
On my clients I use pam_ldap to authenticate and I use pam_mount to
mount the home directories whenever a user logs on. This works fine. The
problem is, whenever a local user on the client logs on, pam_mount tries
to mount a home directory from the server. In my PAM configuration I
would like to specify that pam_mount shouldn't be executed whenever a
local user logs on. But I can't figure out how. I use the default files
in my '/etc/pam.d/' directory and I've modified the 'common-*' files in
the following way:

common-account:
    account sufficient pam_ldap.so
    account required pam_unix.so

common-auth:
    auth required pam_mount.so
    auth sufficient pam_ldap.so use_first_pass
    auth sufficient pam_unix.so nullok_secure use_first_pass

common-password:
    password sufficient pam_ldap.so
    password required pam_unix.so nullok obscure min=4 max=8 md5

common-session:
    session optional pam_foreground.so
    ## I think I should add something over here
    session required pam_mount.so
    session sufficient pam_ldap.so
    session required pam_unix.so

I've tried to add a line in the common-session file, something like this:

    session [user_unknown=2 default=ignore] pam_ldap.so

Hoping this would skip the next 2 lines if the user wasn't found on the
LDAP server. But this doesn't seem to work. The following line did work,
but doesn't do what I want:

    session [default=2] pam_ldap.so

In this case ALL users skip the next two lines.
Does anyone have a clue what I'm doing wrong? Is there something wrong in
my syntax? Or is the complex approach wrong?
Greetings,
Heiko
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
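
An added illustration, not part of Heiko's post or of Linux-PAM itself: a small Python model of how a session stack evaluates bracketed controls and jump counts, run over the common-session lines from the post. The return value of each module is an assumption supplied by the caller, so the trace shows what the stack does for a given return value, not what pam_ldap actually returns in the session phase.

```python
import re

# Expansions of the classic control keywords, as given in pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

# Session stack from the post with the attempted jump line inserted (constructed input).
SESSION = """\
session optional pam_foreground.so
session [user_unknown=2 default=ignore] pam_ldap.so
session required pam_mount.so
session sufficient pam_ldap.so
session required pam_unix.so
"""

def parse(line):
    """Split one pam.d line into (action map, module name)."""
    control, module = re.match(r"\s*\S+\s+(\[[^\]]*\]|\S+)\s+(\S+)", line).groups()
    if control.startswith("["):
        return dict(p.split("=") for p in control[1:-1].split()), module
    return KEYWORDS[control], module

def run_stack(text, returns):
    """Trace a stack: `returns` maps module -> assumed return value name
    (unlisted modules are assumed to return "success")."""
    stack = [parse(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    executed, failed, ok_seen, i = [], False, False, 0
    while i < len(stack):
        actions, module = stack[i]
        executed.append(module)
        ret = returns.get(module, "success")
        # Values not listed fall back to default=; with no default, treat as bad (assumption).
        action = actions.get(ret, actions.get("default", "bad"))
        i += 1
        if action.isdigit():            # jump: skip the next N modules
            i += int(action)
        elif action in ("bad", "die"):
            failed = True
            if action == "die":
                break
        elif action in ("ok", "done"):
            ok_seen = True
            if action == "done" and not failed:
                break
    return executed, ("success" if ok_seen and not failed else "failure")
```

With the `[user_unknown=2 default=ignore]` line, the model skips pam_mount.so only when the first pam_ldap.so call returns user_unknown; any other return value falls under default=ignore and the stack continues into pam_mount.so. With `[default=2]` the jump is taken for every return value, which matches the behaviour described in the post.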