summaryrefslogtreecommitdiffstats
path: root/remote/modules/pam/data
diff options
context:
space:
mode:
Diffstat (limited to 'remote/modules/pam/data')
-rwxr-xr-xremote/modules/pam/data/etc/pam-script/pam_script_ses_close2
-rwxr-xr-xremote/modules/pam/data/etc/pam-script/pam_script_ses_open9
-rw-r--r--remote/modules/pam/data/etc/pam.d/common-auth3
-rw-r--r--remote/modules/pam/data/etc/pam.d/common-session4
4 files changed, 14 insertions, 4 deletions
diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close
index b5fa5ba7..8bc8d3bb 100755
--- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_close
+++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_close
@@ -1,5 +1,7 @@
#!/bin/bash
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
+
echo "[$PAM_TYPE] Closing session for $PAM_USER"
[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER
diff --git a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
index 4acc74cc..79a94169 100755
--- a/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
+++ b/remote/modules/pam/data/etc/pam-script/pam_script_ses_open
@@ -19,7 +19,12 @@ if [ $(id -g $PAM_USER) -eq 1001 ]; then
# now we can mount the home directory
mkdir -p /home/$PAM_USER
- mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER" \
- || echo "[$PAM_TYPE] Failed to mount home directory for $PAM_USER"
+ if mount -t nfs4 -o rw,nosuid,nodev,nolock,intr,hard,sloppy,sec=krb5p "$FILESERVER":"$VOLUME" /home/"$PAM_USER"; then
+ exit 0
+ else
+ echo "Failed to mount home directory for $PAM_USER"
+ exit 1
+ fi
+
fi
diff --git a/remote/modules/pam/data/etc/pam.d/common-auth b/remote/modules/pam/data/etc/pam.d/common-auth
index 1fa577e7..5b544395 100644
--- a/remote/modules/pam/data/etc/pam.d/common-auth
+++ b/remote/modules/pam/data/etc/pam.d/common-auth
@@ -14,7 +14,8 @@
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
-auth [success=2 default=ignore] pam_unix.so
+auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
+auth [success=2 default=ignore] pam_unix.so try_first_pass
auth [success=1 default=ignore] pam_ldap.so use_first_pass nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
diff --git a/remote/modules/pam/data/etc/pam.d/common-session b/remote/modules/pam/data/etc/pam.d/common-session
index c5813892..9210dfbb 100644
--- a/remote/modules/pam/data/etc/pam.d/common-session
+++ b/remote/modules/pam/data/etc/pam.d/common-session
@@ -26,8 +26,10 @@ session required pam_permit.so
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
+session required pam_systemd.so
+session optional pam_krb5.so minimum_uid=1000
session [success=1] pam_unix.so
session [success=ok] pam_ldap.so
+session sufficient pam_script.so
session optional pam_mkhomedir.so skel=/etc/skel umask=0022
-session required pam_systemd.so kill-session-processes=1
# end of pam-auth-update config
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-02 00:20:08 +0100