Pam-list Digest, Vol 41, Issue 6

Whittier, Kevin CTR 63134 kevin.whittier.ctr at navy.mil
Wed Jul 11 14:42:37 UTC 2007 

Juan,
In the auth section you need to authenticate the user first and if that succeeds then mount their directory. Try this:

auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
auth optional pam_mount.so use_first_pass

When the user is authenticated either by pam_winbind or pam_unix (note the re-use of the password), then the pam_mount can also re-use the password (The password is only required if the file system is encrypted) to optionally mount the directory. If pam_mount fails for some reason the login will still succeed.


Kevin Whittier (CISSP)
Senior Linux Architect
Fleet Numerical Meteorology and Oceanography Center (FNMOC)
831 656-4603
Kevin.whittier.ctr at navy.mil

-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On Behalf Of Andreas Schindler
Sent: Tuesday, July 10, 2007 23:26
To: pam-list at redhat.com
Subject: Re: Pam-list Digest, Vol 41, Issue 6


> Here are my other pam files,
>
>
> /etc/pam.d/common-auth:
>
> auth required pam_mount.so
> auth sufficient pam_winbind.so use_first_pass auth required 
> pam_unix.so nullok_secure use_first_pass
>
>
> /etc/pam.d/common-pammount:
>
> auth       optional   pam_mount.so use_first_pass
> session    optional   pam_mount.so use_first_pass
>
>
> /etc/pam.d/common-session:
>
> session required        pam_unix.so
> session required        pam_mkhomedir.so umask=0022 skel=/etc/skel
> session optional        pam_mount.so
>
>
> Can someone please tell me what is going wrong?
>
>    Juan
>
>   
Juan,

IMHO pam_mount under section 'auth' doesn't make sense. Mounting devices is a property of the session. What should pam_mount authenticate against? Please try and remove the 'auth'
entries of pam_mount and try again.

Regards
Andreas

--
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler at az1.de
www.az1.de

Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle 



_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list

More information about the Pam-list mailing list