[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_mkhomedir.so trouble



On Tue, Dec 09, 2003 at 10:34:04AM +0500, Sergey wrote:
> Hi all!
> I have
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0066
> Then
> bash-2.05b$ ssh apex -ltest
> test apex csu ac ru's password: 
> Connection to apex.csu.ac.ru closed by remote host.
> Connection to apex.csu.ac.ru closed.
> 
> At auth.log:
> Dec  9 10:27:36 apex sshd[28124]: Accepted password for test from
> ::ffff:192.168.86.34 port 37418 ssh2
> Dec  9 10:27:36 apex PAM-mkhomedir[17654]: unable to create directory
> /home/test
> Dec  9 10:27:36 apex ssh(pam_unix)[17654]: session opened for user test
> by (uid=1201)
> Dec  9 10:27:36 apex sshd[17654]: fatal: PAM session setup failed[6]:
> Permission denied
> 
> What should I fix to enable user to login?

recent ssh versions added PrivilegeSeperation, this also causes pam
sessions to be run as the user, instead of as root, thus pam_mkhomedir
lacks any permission to do things like create home directories.

you can either disable PrivilegeSeperation and reduce sshd security,
or rewrite pam-mkhomedir to use a setuid helper.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp00001.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]