pam_mkhomedir 777 on parent directory

[Joey Trungale]

Hello,

I have sshd using pam_mkhomedir to create home directories as users are
authenticated with pam_winbind.  The home directory setup
is /home/NT_DOMAIN/username. The only problem with this is that
NT_DOMAIN must be 777 in order for pam to be able to create the users
directory in it.  I'm guessing this is because pam drops privs before it
gets to this point...maybe it's run as the user.  Has anyone ran into
this problem before?  Any ideas on how to keep my users (who must have
shell accts) from being able to write to the parent directory of their
$HOMEDIR?  If this is on the wrong mailing list, let me know.

Thanks in advance.