problem with command order in auth block
Michael Hamann
mail at mhamann.net
Mon May 9 11:16:49 UTC 2005
Hey,
I'm playing with some PAM modules to set up a Linux workstation system
integrated in an Active Directory, including the mapping of home and
group directories.
To mount the shares after login I need to save the password temporarily,
which I do with a PAM module, pam_storepw, in the "auth" section.
Almost everything works fine for me except the fact that I can't combine
winbind and unix authentication plus the pam_storepw module.
For example, my /etc/pam.d/gdm:
### Auth Settings
auth required pam_env.so
auth sufficient pam_winbind.so
auth required pam_unix.so try_first_pass
auth required pam_storepw.so
auth required pam_nologin.so
Here the problem is, if I successfully auth against winbind, the store_pw
is not executed.
My /var/log/auth:
May 9 13:00:42 localhost pam_winbind[19655]: user 'tglatzel' granted access
May 9 13:00:42 localhost pam_winbind[19655]: user 'tglatzel' granted access
May 9 13:00:42 localhost gdm[19655]: (pam_unix) session opened for user tglatzel by (uid=0)
I can login but the password module is not executed.
If I change my pam configuration for gdm to:
auth required pam_env.so
auth required pam_winbind.so
# auth required pam_unix.so try_first_pass
auth required pam_storepw.so
auth required pam_nologin.so
then I can login (only auth with winbind) and get the following logfile.
In this case it works exactly the way I want it to but I can't login with
local user accounts...
May 9 13:11:57 localhost pam_winbind[1684]: user 'tglatzel' granted access
May 9 13:11:57 localhost pam_storepw[1684]: PAM StorePW is running
May 9 13:11:57 localhost pam_storepw[1684]: writing to /var/run/pw/tglatzel.pw
May 9 13:11:57 localhost gdm[1684]: Sending QUERYLOGIN == tglatzel for slave 1684
May 9 13:11:57 localhost gdm[1684]: Sending QUERYLOGIN 1684 tglatzel
May 9 13:11:57 localhost pam_winbind[1684]: user 'tglatzel' granted access
May 9 13:11:58 localhost gdm[1684]: (pam_unix) session opened for user tglatzel by (uid=0)
I would like to combine auth against local system via unix users and in a
second step against the active directory via winbind...
I think I made a mistake in the order of the auth commands...
Does anybody have a clue on how to fix this?
Thank you
Michael
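
The stack behaviour described in the message above, as an added example that is not part of the original post: a small Python simulator of how Linux-PAM walks the auth lines, showing that a successful "sufficient" pam_winbind ends the stack before pam_storepw. The module outcomes (AD_USER, LOCAL_USER) are constructed, and JUMP is a constructed variant using Linux-PAM's bracket control syntax, not a configuration from the thread.

```python
import re

def parse_auth(conf):
    """Return [(control, module)] for the uncommented auth lines of a pam.d file."""
    pat = re.compile(r"\s*auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")
    return [m.groups() for m in map(pat.match, conf.splitlines()) if m]

def run_auth(conf, ok):
    """Simulate the auth stack; `ok` = modules that return PAM_SUCCESS.
    Returns (login_allowed, modules_called). Models required, requisite,
    sufficient and the [success=N default=ignore] form only."""
    stack, called, failed, passed, i = parse_auth(conf), [], False, False, 0
    while i < len(stack):
        control, module = stack[i]
        success = module in ok
        called.append(module)
        i += 1
        if control.startswith("["):
            jump = re.search(r"success=(\d+)", control)
            if success and jump:
                i += int(jump.group(1))   # skip the next N modules, keep going
        elif control == "sufficient":
            if success and not failed:
                return True, called       # stack ends here; later modules never run
        elif success:
            passed = True
        else:
            failed = True                 # required: remember failure, keep going
            if control == "requisite":
                return False, called
    return passed and not failed, called

# First configuration from the post.
POSTED = """\
auth required pam_env.so
auth sufficient pam_winbind.so
auth required pam_unix.so try_first_pass
auth required pam_storepw.so
auth required pam_nologin.so
"""
# Constructed variant: winbind success jumps over pam_unix instead of ending the stack.
JUMP = POSTED.replace("sufficient", "[success=1 default=ignore]")

# Constructed outcomes: which modules succeed for each kind of account.
AD_USER = {"pam_env.so", "pam_winbind.so", "pam_storepw.so", "pam_nologin.so"}
LOCAL_USER = {"pam_env.so", "pam_unix.so", "pam_storepw.so", "pam_nologin.so"}

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("jump", JUMP)):
        for who, ok in (("AD", AD_USER), ("local", LOCAL_USER)):
            print(name, who, run_auth(conf, ok))
```

In both variants a failing "required" module does not stop the stack, so pam_storepw is still called after a wrong password.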