FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 02-16-2010, 10:28 AM
Rob Kampen
 
Default pam_mount

Marcus Moeller wrote:

Hi all,

I am a bit confused about the usage of pam_mount.

Here is my /etc/pam.d/system-auth:

auth required pam_env.so
auth required pam_mount.so


add use_first_pass to this??

auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
session optional pam_mount.so

If pam_mount.so is listed in the session definition I will be asked
for the password a second time during SSH login:

At this stage the share is already mounted.

I can just remove the:

session optional pam_mount.so

from system-auth which seem to work fine. Even the share is unmounted
successfully on logout.

So my question is: what is the session entry used for within pam_mount
(as the usage is suggested in the man page and in the docs)?

Best Regards
Marcus
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2010, 10:34 AM
Marcus Moeller
 
Default pam_mount

Hi.

>> I am a bit confused about the usage of pam_mount.
>>
>> Here is my /etc/pam.d/system-auth:
>>
>> auth * * * *required * * *pam_env.so
>> auth * * * *required * * *pam_mount.so
>>
>
> add use_first_pass to this??

In auth stage the pam_mount requests it's passwd from stdin and passes
it to the other modules.

>> If pam_mount.so is listed in the session definition I will be asked
>> for the password a second time during SSH login:

As noted, the second password request is called in session stage which
does not accept pass options (and should not even ask for a password
afaik)

>> So my question is: what is the session entry used for within pam_mount
>> (as the usage is suggested in the man page and in the docs)?

Best Regards
Marcus
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 04:57 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org