Pam-list Digest, Vol 41, Issue 6

Whittier, Kevin CTR 63134 kevin.whittier.ctr at
Wed Jul 11 14:42:37 UTC 2007

In the auth section you need to authenticate the user first and if that succeeds then mount their directory. Try this:

auth sufficient
auth required nullok_secure use_first_pass
auth optional use_first_pass

When the user is authenticated either by pam_winbind or pam_unix (note the re-use of the password), then the pam_mount can also re-use the password (The password is only required if the file system is encrypted) to optionally mount the directory. If pam_mount fails for some reason the login will still succeed.

Kevin Whittier (CISSP)
Senior Linux Architect
Fleet Numerical Meteorology and Oceanography Center (FNMOC)
831 656-4603
Kevin.whittier.ctr at

-----Original Message-----
From: pam-list-bounces at [mailto:pam-list-bounces at] On Behalf Of Andreas Schindler
Sent: Tuesday, July 10, 2007 23:26
To: pam-list at
Subject: Re: Pam-list Digest, Vol 41, Issue 6

> Here are my other pam files,
> /etc/pam.d/common-auth:
> auth required
> auth sufficient use_first_pass auth required 
> nullok_secure use_first_pass
> /etc/pam.d/common-pammount:
> auth       optional use_first_pass
> session    optional use_first_pass
> /etc/pam.d/common-session:
> session required
> session required umask=0022 skel=/etc/skel
> session optional
> Can someone please tell me what is going wrong?
>    Juan

IMHO pam_mount under section 'auth' doesn't make sense. Mounting devices is a property of the session. What should pam_mount authenticate against? Please try and remove the 'auth'
entries of pam_mount and try again.


Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler at

Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle 

Pam-list mailing list
Pam-list at

More information about the Pam-list mailing list