[ale] Anybody done fancy reconfiguration of PAM on Fedora

Thompson Freeman tfreeman at intel.digichem.net
Thu Jan 10 16:26:13 EST 2008


Ok. Tried it and it failed, with an error message that
blinked past so fast I never saw what it said. So I  
replaced "required" with "optional" (I'm not going live yet  
here) so I could at least see the message. It claims to be  
creating the home directory, and failing with a lack of  
permissions (mumble mumble selinux mumble).

So I went nuts and tried putting the optional form at every  
session line in the /etc/pam.d/login and a few within the  
/etc/pam.d/system-auth-ac files. No joy.

Evidently something either needs to be added to give a  
useable selinux context, or something.  Off for some more  
searching and muttering. Wish I could find some  
comprehensible docs on this whole exercise. What I'm  
finding is generic bumpft and isn't showing how selinux is  
being dealt with here.

Thanks for the suggestion tho.
On 01/10/2008 02:00:03 PM, timothy at meanor.net wrote:
> Just add something like this:
> session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
> 
> to /etc/pam.d/system-auth (put it before the "session
> required  pam_limits.so" line).
> 
> If you don't want it to be overwritten by authconfig, you
> can always cp system-auth-ac to a different file (say,
> system-auth-nodelete) and link system-auth to that.
> 
> -Tim
> 
> >>
> >>Anybody here done any fancy reconfiguration of the PAM subsystem on
> >>Fedora? If you have, I'd love to steal your experience...
> >>
> >>What I'm looking for is the appropriate place to add a call to
> >>pam_mkhomedir.so in the PAM setup found in Fedora 8. Best I can figure so
> >>far, the candidate locations are in /etc/pam.d/login & /etc/pam.d/gdm or
> >>in /etc/pam.d/system-auth (which is really just a symlink to
> >>/etc/pam.d/system-auth-ac). Using the login & gdm pair means looking after
> >>and remembering two locations of change, and testing both. A pain.
> >>However, system-auth-ac is a target for the authconfig script and therefore
> >>subject to being overwritten. While this is for a personal/family use
> >>machine, I'd like to not break scripts.
> >>
> >>As for motivation. With all my offspring being largely out of nest, there
> >>is limited opportunity for them to log in here at the house. Still, I
> >>prefer to maintain accounts for them. By using the pam_mkhomedir module, I
> >>hope to be able to let them log in to their accounts without having to
> >>actually maintain the directory system under home for them. I can just
> >>copy the appropriate portions of /etc/passwd, /etc/shadow/, and /etc/group
> >>and be done with it.
> >>_______________________________________________
> >>Ale mailing list
> >>Ale at ale.org
> >>http://www.ale.org/mailman/listinfo/ale
> 
> 
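
A read-only check of the setup discussed in this thread, as an added example that is not part of the original messages: it parses a PAM service file and reports whether pam_mkhomedir.so is in the session stack, whether it sits before pam_limits.so, which control flag it carries, and what mode its umask gives a new home directory. The sample stack, the function names and the "-ac" suffix test are assumptions made for illustration.

```python
import os

# Constructed sample stack (not a real Fedora 8 file), using the line from the thread.
SAMPLE = """\
#%PAM-1.0
auth        required      pam_env.so
session     optional      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet
session     required      pam_unix.so
"""

def parse_stack(text):
    """Return (type, control, module, args) for each rule in a PAM service file."""
    rules = []
    # A trailing backslash continues a rule onto the next line.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank line, comment, or not a rule
        end = 1
        if fields[1].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            while not fields[end].endswith("]") and end < len(fields) - 1:
                end += 1
        if end + 1 >= len(fields):
            continue  # control flag with no module after it
        rules.append((fields[0].lstrip("-"), " ".join(fields[1:end + 1]),
                      fields[end + 1], fields[end + 2:]))
    return rules

def audit_mkhomedir(text):
    """Report where pam_mkhomedir sits in the session stack and how it is set."""
    session = [r for r in parse_stack(text) if r[0] == "session"]
    names = [os.path.basename(r[2]) for r in session]
    if "pam_mkhomedir.so" not in names:
        return {"present": False}
    pos = names.index("pam_mkhomedir.so")
    _, control, _, args = session[pos]
    opts = dict(a.split("=", 1) for a in args if "=" in a)
    umask = opts.get("umask")
    return {
        "present": True,
        "before_limits": "pam_limits.so" not in names or pos < names.index("pam_limits.so"),
        "control": control,  # "optional" means a module failure does not block login
        "home_mode": oct(0o777 & ~int(umask, 8)) if umask else None,
    }

def authconfig_managed(path="/etc/pam.d/system-auth"):
    """True if path resolves to a *-ac file, which the thread says authconfig rewrites."""
    return os.path.realpath(path).endswith("-ac")
```

Calling audit_mkhomedir(open("/etc/pam.d/system-auth").read()) applies the same check to a live file; with umask=0022 the reported mode is 0o755, so new home directories are readable by other local users.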


