authorJonathan Bauer2013-06-19 10:41:24 +0200
committerJonathan Bauer2013-06-19 10:41:24 +0200
commit4bdc2a150ad01d08fdff3654629552f13ec13052 (patch)
tree9c4b8f74feb2953cddab2739813b567768a5ad42 /remote/modules/pam
parentMerge branch 'master' of git:openslx-ng/tm-scripts (diff)
[pam] scripts to be executed on session open/close by pam-script module
Diffstat (limited to 'remote/modules/pam')
-rwxr-xr-xremote/modules/pam/data/etc/pam-script/pam_script_ses_close3
-rwxr-xr-xremote/modules/pam/data/etc/pam-script/pam_script_ses_open21
2 files changed, 24 insertions, 0 deletions
diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close
new file mode 100755
index 00000000..13311eea
--- /dev/null
+++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "[$PAM_TYPE] Closing session for $PAM_USER"
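Review bot: Nothing in this script undoes what pam_script_ses_open sets up, so the `sec=krb5p` NFS mount on `/home/$PAM_USER` stays mounted after the user's session closes. Consider adding `umount "/home/$PAM_USER"` here, guarded so it only runs when no other session of that user is still open. A short comment saying the script is a logging-only placeholder would also help if the cleanup is planned for a later commit.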
diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
new file mode 100755
index 00000000..86386267
--- /dev/null
+++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
+echo "[$PAM_TYPE] Opening session for $PAM_USER"
+echo "[$PAM_TYPE] Mounting home directory for $PAM_USER"
+
+# generate keytab
+sslconnect npserv.ruf.uni-freiburg.de:3 > /etc/krb5.keytab
+chmod 600 /etc/krb5.keytab
+
+# determine fileserver and share for home directories
+ldapsearch -x -LLL uid="$PAM_USER" homeDirectory rufFileserver > /tmp/ldapsearch."$PAM_USER"
+
+FILESERVER=$(cat /tmp/ldapsearch.$PAM_USER | grep rufFileserver | cut -d" " -f2)
+VOLUME=$(cat /tmp/ldapsearch.$PAM_USER | grep homeDirectory | cut -d" " -f2)
+
+# now we can mount the home directory
+mkdir -p /home/$PAM_USER
+mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER" \
+ || echo "[$PAM_TYPE] Failed to mount home directory for $PAM_USER"
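Review bot: The LDAP result is written as root to the predictable path `/tmp/ldapsearch."$PAM_USER"` and then read back to choose the NFS server and export, so a local user who pre-creates that name can have root write through a symlink or can race the file's content; capturing the output in a variable removes the file entirely. `$PAM_USER` is also unquoted on the two `cat` lines and in `mkdir -p /home/$PAM_USER`, and it enters the LDAP filter unchecked, so it should be quoted everywhere and ideally validated against the site's username format first. The keytab redirect truncates `/etc/krb5.keytab` before `sslconnect` has succeeded, and on first creation the file exists with default-umask permissions until `chmod 600` runs; writing to a private temp file and renaming avoids both. Empty `FILESERVER`/`VOLUME` values and a failed mount currently produce at most a log line. The sketch below assumes `sslconnect` returns non-zero on failure, and whether a non-zero exit should block the login depends on the pam_script stack configuration, which this hunk does not show.

```shell
# … unchanged: shebang, PATH export, the two log lines …

# generate keytab: fetch into a private temp file, replace the live one only on success
umask 077
keytab_tmp=$(mktemp /etc/krb5.keytab.XXXXXX) || exit 1
if sslconnect npserv.ruf.uni-freiburg.de:3 > "$keytab_tmp" && [[ -s "$keytab_tmp" ]]; then
  mv -f -- "$keytab_tmp" /etc/krb5.keytab
else
  rm -f -- "$keytab_tmp"
  echo "[$PAM_TYPE] Failed to fetch keytab for $PAM_USER"
  exit 1
fi

# determine fileserver and share without a temp file in /tmp
ldap_out=$(ldapsearch -x -LLL "uid=$PAM_USER" homeDirectory rufFileserver) || exit 1
FILESERVER=$(awk '$1 == "rufFileserver:" { print $2 }' <<<"$ldap_out")
VOLUME=$(awk '$1 == "homeDirectory:" { print $2 }' <<<"$ldap_out")
if [[ -z "$FILESERVER" || -z "$VOLUME" ]]; then
  echo "[$PAM_TYPE] No fileserver/homeDirectory found for $PAM_USER"
  exit 1
fi

mkdir -p -- "/home/$PAM_USER"
# … unchanged: mount -t nfs4 … "$FILESERVER":"$VOLUME" /home/"$PAM_USER" …
```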