
List:       pam-list
Subject:    (no subject)
From:       Sébastien Tricaud <stricaud () mwsp ! net>
Date:       2003-01-24 10:26:36

Hi,

I administer an 800-computer network where authentication is based
on an LDAP server and the users' data are on a Samba server.
We have directories called '/home/common', '/home/shares', etc.
Users don't have their own home directory; they are authenticated using
the pam_ldap module.

Our configuration file is the following:
auth     required       pam_nologin.so
auth     required       pam_ldap.so
auth     required       pam_mount.so use_firstpass
account  required       pam_unix.so
session  required       pam_unix.so
session  required       pam_mkdir.so umask=0022 directory=/home/common
session  required       pam_mkdir.so umask=0022 directory=/home/shares
session  required       pam_mount.so

The module pam_mkdir is a module that I wrote for this purpose (creating
the directories, inspired by pam_mkhomedir).
When authenticating, the directories are created with the correct rights, but
shares are not mounted, even if I put pam_mount after pam_mkdir.
I walked through the source code of pam_mount and I saw that this module
mounts the shares for the authentication and not for the session.

<code>
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
                                   int argc, const char **argv)
{
        return PAM_SUCCESS;
}
</code>

Thus, session is useless for pam_mount.

So, I thought that putting the directory creation in the auth step could be
a good idea.
(
auth  required       pam_mkdir.so umask=0022 directory=/home/common
auth  required       pam_mkdir.so umask=0022 directory=/home/shares
auth  required       pam_mount.so use_firstpass
)


But the login step doesn't succeed. Do you have an idea?

Mine is that the pam_mount module should move its mount code from auth
to session, but the module is hard to maintain (the Makefile is badly
written, thus some includes are missing and we should add them by hand).

Do you know of modules other than pam_mount to mount the Samba shares?
Could I be missing something in my pam_mkdir code for auth which differs from
session (except for the function prototype and struct pam_module, which I've
changed according to other source code using the auth process)?

Is it allowed to create the directory through the auth process?
(If so, why is the pam_mount module able to mount shares here?)


Thanks a lot,


-- 
Sébastien Tricaud <stricaud@mwsp.net>
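
Added example, not part of the original message or of pam_mount/pam_mkdir: libpam calls a different exported function for each management group, so a module moved from `session` to `auth` must export the auth entry points as well. The Python check below compares a PAM stack with the symbols each module exports; the `EXPORTS` table is constructed sample data (in practice taken from `nm -D --defined-only` on each `.so`), and `parse_stack` and `missing_entry_points` are hypothetical names.

```python
import re

# Entry points libpam resolves per management group (Linux-PAM module API).
REQUIRED = {
    "auth": ("pam_sm_authenticate", "pam_sm_setcred"),
    "account": ("pam_sm_acct_mgmt",),
    "session": ("pam_sm_open_session", "pam_sm_close_session"),
    "password": ("pam_sm_chauthtok",),
}

# Rules taken from the message: the proposed auth stack plus two session lines.
STACK = """\
auth     required  pam_mkdir.so umask=0022 directory=/home/common
auth     required  pam_mkdir.so umask=0022 directory=/home/shares
auth     required  pam_mount.so use_firstpass
session  required  pam_mkdir.so umask=0022 directory=/home/common
session  required  pam_mount.so
"""

# Constructed sample data, not inspected binaries: pam_mkdir.so is ASSUMED
# here to export only the session hooks it was first written with.
EXPORTS = {
    "pam_mkdir.so": {"pam_sm_open_session", "pam_sm_close_session"},
    "pam_mount.so": {"pam_sm_authenticate", "pam_sm_setcred",
                     "pam_sm_open_session", "pam_sm_close_session"},
}

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_stack(text):
    """Yield (lineno, group, module) for each module rule in a pam.d file."""
    for n, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line.split("#", 1)[0].strip())
        if m and m.group(1) in REQUIRED and m.group(2) not in ("include", "substack"):
            yield n, m.group(1), m.group(3).rsplit("/", 1)[-1]

def missing_entry_points(text, exports):
    """Return (lineno, module, group, missing symbols) for mismatched rules.

    A module absent from `exports` is reported as missing every symbol.
    libpam answers PAM_MODULE_UNKNOWN for a missing entry point, which a
    `required` rule treats as failure.
    """
    findings = []
    for n, group, module in parse_stack(text):
        lacking = tuple(s for s in REQUIRED[group] if s not in exports.get(module, ()))
        if lacking:
            findings.append((n, module, group, lacking))
    return findings

if __name__ == "__main__":
    for n, module, group, lacking in missing_entry_points(STACK, EXPORTS):
        print(f"line {n}: {module} under '{group}' lacks {', '.join(lacking)}")
```

A symbol check cannot detect a hook that is exported but does nothing, such as the `pam_sm_open_session` quoted in the message; that still requires reading the module source.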


