New PAM-Module: pam-cifs

Wilhelm Meier meier at informatik.fh-kl.de
Mon Sep 5 08:31:13 UTC 2005 

Hi Murray,

> Hi Wilhelm,
>
> The pam_mount module seemed to work alright but I wanted to use it with
> ssh but there is an outstanding bug with ssh that prevents me doing that
> - some problem to do with ssh privlege separation and the  userid /
> passwords not been passed from pam_unix to pam_mount   I will be
> interested to see if your module works in that case.

please let me be informed about your results.

>
> Another thing is that I was wondering why you needed to create this
> module.  Will it offer anything that pam_mount doesn't - pam_mount seems
> more general purpose.  No offense but it seems like re-inventing the

This is to some extent correct. But you have to consider the following: in our 
environment we have a great number of Windows-Clients and a growing number of 
GNU/Linux-clients or GNU/Linux-servers together with an Active-Directory as 
the central identity repository and CIFS-fileservers (Windows, moving to 
Samba). All authentication/authorization is done via LDAP on the AD. This 
works very well for all sorts of clients. The only thing we were missing, was 
setting the correct GID with pam_mount for CIFS-mounts via mount.cifs for 
Linux-clients. Therefore I wrote a patch for pam_mount to include the 
GID-setting part. Experimenting further with pam_mount, I found it sometimes 
unreliable in the case of unmounting the shares. Due to the structure of 
pam_mount, I found it simpler to write another pam-module with a different 
architecture (pam-module in combination with a daemon) than modifying 
pam_mount. 

> wheel to me.  BTW, I saw recently that the pam_mount maintainer is
> looking for someone else to take over maintenance of it.

Well, I think about it.

>
> Regards
>
> Murray
>
> > Hello everybody,
> >
> > I wrote a simple Linux-PAM module named pam_cifs which is of special
> > interest to all linux-cifs-client users:
> >
> > http://sourceforge.net/projects/pam-cifs
> >
> > pam_cifs is responsible for mounting cifs-shares on login of users to the
> > system. It is really usefull in combination with pam_ldap and nss_ldap.
> > The unmounting of cifs-shares is done via a little daemon, to ensure,
> > that the filesystem isn't in use anymore.
> >
> > This is a very (!) early state of this project (currently version 0.4),
> > but it works. Compared to pam_mount this module is much, much simpler and
> > has a different architecture and its limitations.
> >
> > Kind regards,
> >
> > Wilhelm Meier
> > email: meier at informatik.fh-kl.de
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list

-- 
--
Wilhelm Meier
email: meier at informatik.fh-kl.de

More information about the Pam-list mailing list