[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: smbmount and PAM

On Sat, 25 Mar 2000, Rob Bos wrote:

> I would like to be able to have PAM (or any utility) automatically mount SMB
> volumes.  The user name and password to access a given share on that volume -
> \\sphinx\$username -U $username -P $passwd - are required.  As it stands, any
> linux implementation in the computer labs that automatically mounts user home
> directories will require the user to enter the password twice.

> I'd like to avoid this; is it conceivable to use a PAM module to pass the
> user's password to smbmount as entered?  Is PAM designed to make this
> possible? If so, how?! ;)

It is possible to do this with PAM.  What you would need is a special PAM
module that takes the password from a successful authentication and passes it
to a mount command.

On the subject of passing password items around, the Linux-PAM documentation

          The authentication token (password). This token should be
          ignored by all module functions besides pam_sm_authenticate()
          and pam_sm_chauthtok(). In the former function it is used to
          pass the most recent authentication token from one stacked
          module to another. In the latter function the token is used for
          another purpose. It contains the currently active
          authentication token.

However, it seems to me that what you want is a closer fit for a session
module than an authentication module.  Since the above recommendation is not
enforced in the library, I think it's better to do this as a session module
(just IMHO, of course).

I would also recommend implementing this against the new (Samba 2.0.6) version
of smbmount, so that the pam module can simply call /bin/mount:  in theory,
the module would then be usable for other types of
password-authenticated filesystems as well.

Steve Langasek
postmodern programmer

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []