LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 06-10-2005, 08:59 AM   #1
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 135

Rep: Reputation: 17
pam_mount + pam_winbind + pam_krb5. All in one (?)


Okay.

I have Active Directory's users logging into Linux clients thanks to pam_winbind.
I have Samba Shares mounted at login and unmounted at logoff thanks to pam_mount.
I have Cups printing to a Windows Print Queue WITH user authentication thanks to a patched smbspool and Kerberos ticket.

What I need now is to retrieve kerberos tickets at login time WITHOUT prompting for a password. I know pam_krb5 does that, but I can't manage to fit it into /etc/pam.d/system-auth along with pam_winbind and pam_mount.

Thatś my system-auth file:

#%PAM-1.0

auth required pam_mount.so
auth sufficient pam_winbind.so
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so

account sufficient pam_winbind.so
account required pam_unix.so

password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
session optional pam_mount.so


Anyone may help me out?

Tks
 
Old 06-14-2005, 07:01 PM   #2
linlu
LQ Newbie
 
Registered: Nov 2001
Location: Virginia
Posts: 20

Rep: Reputation: 0
Isn't pam order sensitive?

I thought that the sufficient tests had to appear before the required in PAM because rules are evaluated in the order they appear. I maybe wrong but logically if you "require" something then it doesn't make sense to have an optional test (sufficient) afterwards.
 
Old 06-15-2005, 06:49 AM   #3
Thakowbbery
Member
 
Registered: Mar 2005
Posts: 135

Original Poster
Rep: Reputation: 17
Actually the current file as it is works perfectly.
The problem is fitting pam_krb5.so into it so that a kerberos ticket is retrieved when user logs in.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pam_krb5 won't retrieve a kerberos ticket Thakowbbery Conectiva 1 01-10-2007 05:20 AM
pam_krb5.so fails to retreive ticket nilecirb Linux - Networking 0 07-29-2005 11:06 PM
pam_winbind/NTLM/samba JivnJT Linux - Security 0 01-18-2005 11:29 PM
How to setup pam_mount? mauro_haller Linux - Networking 0 03-08-2004 09:26 PM
pam_krb5 source code mbtoys Linux - Networking 0 08-27-2003 07:54 AM


All times are GMT -5. The time now is 01:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration