[CentOS] nis and new users

Tue Apr 15 17:44:44 UTC 2008
Ross S. W. Walker <rwalker at medallion.com>

Jason Pyeron wrote:
> 
> Ross S. W. Walker wrote:
> > 
> > Jason Pyeron wrote:
> > >
> > > but still get:
> > >
> > > Last login: Tue Apr 15 11:24:57 2008 from xxxxxxxx.myvzw.com
> > > Could not chdir to home directory /home/USER: No such file or
> > > directory
> > > -bash-3.00$
> > >
> > > Any ideas?
> > 
> > Well what you have will only cover console logins via the login
> > process, not GUI xdm/gdm/kdm or ssh/telnet/ftp/rsh logins.
> > 
> > Try this:
> > 
> > /etc/pam.d/system-auth
> > #%PAM-1.0
> > # This file is auto-generated.
> > # User changes will be destroyed the next time authconfig is run.
> > auth        required      pam_env.so
> > auth        optional      pam_group.so
> > auth        sufficient    pam_unix.so nullok try_first_pass
> > auth        requisite     pam_succeed_if.so uid >= 500 quiet
> > auth        sufficient    pam_krb5.so use_first_pass
> > auth        required      pam_deny.so
> > 
> > account     required      pam_unix.so broken_shadow
> > account     sufficient    pam_localuser.so
> > account     sufficient    pam_succeed_if.so uid < 500 quiet
> > account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
> > account     required      pam_permit.so
> > 
> > password    requisite     pam_cracklib.so try_first_pass retry=3
> > password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> > password    sufficient    pam_krb5.so use_authtok
> > password    required      pam_deny.so
> > 
> > session     optional      pam_keyinit.so revoke
> > session     required      pam_mkhomedir.so skel=/etc/skel umask=0077 silent
> > session     required      pam_limits.so
> > session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> > session     required      pam_unix.so
> > session     optional      pam_krb5.so
> > 
> > Of course tailor for your environment.
> > 
> 
> Defaults are fine for our use.
> 
> > I have tested this config to persist through different authconfig's.
> > 
> 
> How? It gets blown away here.
> 

Disregard, I must have been thinking of something else, yes
authconfig blows these away.

It would be nice if authconfig stuck in includes to a separate
pam for local configuration to be preserved, or if they used
template files for creating the default configuration.

If they used templates the python scripts would probably be
a lot smaller and less complex and would allow administrators
to customize the templates for their environment.

Anyways I'm going to put mine in a system-auth-local file
and stick in includes and see if that works better in the
long run.

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.