Pam-list Digest, Vol 41, Issue 6
Whittier, Kevin CTR 63134
kevin.whittier.ctr at navy.mil
Wed Jul 11 14:42:37 UTC 2007
Juan,
In the auth section you need to authenticate the user first and if that succeeds then mount their directory. Try this:
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
auth optional pam_mount.so use_first_pass
When the user is authenticated either by pam_winbind or pam_unix (note the re-use of the password), then the pam_mount can also re-use the password (The password is only required if the file system is encrypted) to optionally mount the directory. If pam_mount fails for some reason the login will still succeed.
Kevin Whittier (CISSP)
Senior Linux Architect
Fleet Numerical Meteorology and Oceanography Center (FNMOC)
831 656-4603
Kevin.whittier.ctr at navy.mil
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] On Behalf Of Andreas Schindler
Sent: Tuesday, July 10, 2007 23:26
To: pam-list at redhat.com
Subject: Re: Pam-list Digest, Vol 41, Issue 6
> Here are my other pam files,
>
>
> /etc/pam.d/common-auth:
>
> auth required pam_mount.so
> auth sufficient pam_winbind.so use_first_pass auth required
> pam_unix.so nullok_secure use_first_pass
>
>
> /etc/pam.d/common-pammount:
>
> auth optional pam_mount.so use_first_pass
> session optional pam_mount.so use_first_pass
>
>
> /etc/pam.d/common-session:
>
> session required pam_unix.so
> session required pam_mkhomedir.so umask=0022 skel=/etc/skel
> session optional pam_mount.so
>
>
> Can someone please tell me what is going wrong?
>
> Juan
>
>
Juan,
IMHO pam_mount under section 'auth' doesn't make sense. Mounting devices is a property of the session. What should pam_mount authenticate against? Please try and remove the 'auth'
entries of pam_mount and try again.
Regards
Andreas
--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler at az1.de
www.az1.de
Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list