| author | Jonathan Bauer | 2013-06-27 18:21:49 +0200 |
|---|---|---|
| committer | Jonathan Bauer | 2013-06-27 18:21:49 +0200 |
| commit | 0928db5dc3076437dbbc9b3888533ba7cda8fa28 (patch) | |
| tree | 49e3d418d5bc869756d7d0b37087923c37622a56 /remote/modules/pam/data | |
| parent | [pam] Remove required files which cannot be found (diff) | |
| download | tm-scripts-0928db5dc3076437dbbc9b3888533ba7cda8fa28.tar.gz tm-scripts-0928db5dc3076437dbbc9b3888533ba7cda8fa28.tar.xz tm-scripts-0928db5dc3076437dbbc9b3888533ba7cda8fa28.zip | |
[pam] krb5 support for home
Diffstat (limited to 'remote/modules/pam/data')
4 files changed, 14 insertions, 4 deletions
diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close index b5fa5ba7..8bc8d3bb 100755 --- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close +++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close @@ -1,5 +1,7 @@ #!/bin/bash +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin" + echo "[$PAM_TYPE] Closing session for $PAM_USER" [ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open index 4acc74cc..79a94169 100755 --- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open +++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open @@ -19,7 +19,12 @@ if [ $(id -g $PAM_USER) -eq 1001 ]; then # now we can mount the home directory mkdir -p /home/$PAM_USER - mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER" \ - || echo "[$PAM_TYPE] Failed to mount home directory for $PAM_USER" + if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then + exit 0 + else + echo "Failed to mount home directory for $PAM_USER" + exit 1 + fi + fi diff --git a/remote/modules/pam/data/etc/pam.d/common-auth b/remote/modules/pam/data/etc/pam.d/common-auth index 1fa577e7..5b544395 100644 --- a/remote/modules/pam/data/etc/pam.d/common-auth +++ b/remote/modules/pam/data/etc/pam.d/common-auth 
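Review bot: The new `export PATH=...` line in pam_script_ses_close has no comment saying why it is pinned, and it places `/usr/local/sbin` and `/usr/local/bin` ahead of the system directories. The script is run from the PAM stack (presumably as root), and `id` and `umount` below are resolved through this PATH, so every listed directory, including the `/opt/openslx/*` ones, needs to be writable only by root. I would add a comment such as `# pam_script inherits the calling service's environment; pin PATH so id/umount resolve from root-owned directories only`. This diff does not add the same line to pam_script_ses_open; its first 18 lines are outside the hunks, so confirm it sets PATH as well.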
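Review bot: On the failure branch in pam_script_ses_open, the mountpoint created by `mkdir -p /home/$PAM_USER` just above is left in place. The message has also lost the `[$PAM_TYPE]` prefix the old line carried, and it goes to stdout. I would write the branch as `echo "[$PAM_TYPE] Failed to mount home directory for $PAM_USER" >&2`, then `rmdir "/home/$PAM_USER" 2>/dev/null`, then `exit 1`. That way a failed krb5p mount does not leave an empty (presumably root-owned) directory that later modules treat as an existing home. The enclosing `if [ $(id -g $PAM_USER) -eq 1001 ]` starts outside the hunk, so the script's exit status for other groups is not visible here.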
@@ -14,7 +14,8 @@ # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) -auth [success=2 default=ignore] pam_unix.so +auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 +auth [success=2 default=ignore] pam_unix.so try_first_pass auth [success=1 default=ignore] pam_ldap.so use_first_pass nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so diff --git a/remote/modules/pam/data/etc/pam.d/common-session b/remote/modules/pam/data/etc/pam.d/common-session index c5813892..9210dfbb 100644 --- a/remote/modules/pam/data/etc/pam.d/common-session +++ b/remote/modules/pam/data/etc/pam.d/common-session @@ -26,8 +26,10 @@ session required pam_permit.so # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) +session required pam_systemd.so +session optional pam_krb5.so minimum_uid=1000 session [success=1] pam_unix.so session [success=ok] pam_ldap.so +session sufficient pam_script.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022 -session required pam_systemd.so kill-session-processes=1 # end of pam-auth-update config |
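Review bot: With `pam_krb5.so` now first in the Primary block of common-auth with `success=3`, a successful Kerberos exchange alone skips `pam_unix.so`, `pam_ldap.so` and `pam_deny.so`. Login strength therefore depends on pam_krb5 verifying the obtained ticket against a local host keytab. Nothing in this commit shows a keytab being provisioned or `verify_ap_req_nofail = true` being set in krb5.conf, so confirm that for these clients. The jump counts also depend on the exact number of lines that follow, and the line after `pam_deny.so` is outside the hunk. A comment such as `# success=N must land on the line after pam_deny.so; recount when adding a module` would make that dependency explicit.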
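Review bot: `session sufficient pam_script.so` in common-session means the `exit 1` added to pam_script_ses_open does not block the session. A failed krb5p home mount is ignored and processing continues to `pam_mkhomedir.so`, while an exit status of 0 ends the stack before `pam_mkhomedir.so` runs. If a failed mount should deny the login, the line would need to be `session requisite pam_script.so`. If the fall-through is intended, say so in a comment next to the line. The same hunk drops `kill-session-processes=1` from `pam_systemd.so` without mention in the commit message; leftover user processes could keep `/home/$PAM_USER` busy when pam_script_ses_close runs `umount`, so confirm that removal is deliberate.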
