[CentOS] pam_mount

Tue Feb 16 11:28:40 UTC 2010
Rob Kampen <rkampen at kampensonline.com>

Marcus Moeller wrote:
> Hi all,
>
> I am a bit confused about the usage of pam_mount.
>
> Here is my /etc/pam.d/system-auth:
>
> auth        required      pam_env.so
> auth        required      pam_mount.so
>   
add use_first_pass to this??
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        sufficient    pam_krb5.so use_first_pass
> auth        required      pam_deny.so
>
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so sha512 shadow nullok
> try_first_pass use_authtok
> password    sufficient    pam_krb5.so use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     optional      pam_mkhomedir.so
> session     [success=1 default=ignore] pam_succeed_if.so service in
> crond quiet use_uid
> session     required      pam_unix.so
> session     optional      pam_krb5.so
> session     optional      pam_mount.so
>
> If pam_mount.so is listed in the session definition I will be asked
> for the password a second time during SSH login:
>
> At this stage the share is already mounted.
>
> I can just remove the:
>
> session     optional      pam_mount.so
>
> from system-auth which seem to work fine. Even the share is unmounted
> successfully on logout.
>
> So my question is: what is the session entry used for within pam_mount
> (as the usage is suggested in the man page and in the docs)?
>
> Best Regards
> Marcus
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rkampen.vcf
Type: text/x-vcard
Size: 196 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20100216/0c162897/attachment-0005.vcf>