[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: smbmount and PAM

On Mon, 27 Mar 2000, Steve Langasek wrote:

> On Sat, 25 Mar 2000, Rob Bos wrote:
> > I would like to be able to have PAM (or any utility) automatically mount SMB
> > volumes.  The user name and password to access a given share on that volume -
> > \\sphinx\$username -U $username -P $passwd - are required.  As it stands, any
> > linux implementation in the computer labs that automatically mounts user home
> > directories will require the user to enter the password twice.
> > I'd like to avoid this; is it conceivable to use a PAM module to pass the
> > user's password to smbmount as entered?  Is PAM designed to make this
> > possible? If so, how?! ;)
> It is possible to do this with PAM.  What you would need is a special PAM
> module that takes the password from a successful authentication and passes it
> to a mount command.
> On the subject of passing password items around, the Linux-PAM documentation
> says:
>           The authentication token (password). This token should be
>           ignored by all module functions besides pam_sm_authenticate()
>           and pam_sm_chauthtok(). In the former function it is used to
>           pass the most recent authentication token from one stacked
>           module to another. In the latter function the token is used for
>           another purpose. It contains the currently active
>           authentication token.
> However, it seems to me that what you want is a closer fit for a session
> module than an authentication module.  Since the above recommendation is not
> enforced in the library, I think it's better to do this as a session module
> (just IMHO, of course).
> I would also recommend implementing this against the new (Samba 2.0.6) version
> of smbmount, so that the pam module can simply call /bin/mount:  in theory,
> the module would then be usable for other types of
> password-authenticated filesystems as well.

	Just my 0.02$: care should be taken to avoid mounting the same
volume multiple times; also, to decide when a volume should be
unmounted. Unfortunately, there is no way you can be sure a session is
closed (logging out cleanly may do, but a crashed connection -- I don't
know). Maybe you may consider using autofs for this (so that the mount to
expire after some time). autofs would greatly simplify things, IMHO.


Mihai Ibanescu

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []