[Debian] Strange PAM modules
Hello *,
I am seeing strange behaviour with the PAM modules I use.
Specifically, the gdm login for an anonymous user has recently
stopped working.
I implemented the whole thing with the pam_if module and a PAM module
I modified myself, which I called pam_run.
Note that only the gdm login fails; console login works without problems.
Does anyone have an idea? I am attaching /etc/pam.d/{gdm,login} to this
mail. You can find my modules at:
http://homepage.ruhr-uni-bochum.de/matthias.berse/pam.html
It would be nice if I at least got an idea of where things go wrong...
Regards,
Matthias
--
+-------------created at Wed Oct 10 14:48:18 CEST 2001-----------------+
| Matthias Berse Phone:+49-234-3247885 |
\____Knappenstr.7 44799 Bochum, Germany______eMail: berse@gmx.de_____/
-----BEGIN GEEK CODE BLOCK-----
GIT/Sd-s:a-C++UL+++P+++L+++W++EN+K?wO-M?V?PS?PE?Y+PGP+t+5+>X+Rtvb+DI+>
D+e+++>h*r++y?
------END GEEK CODE BLOCK------
#
# The PAM configuration file for the Shadow `login' service
#
# NOTE: If you use a session module (such as kerberos or NIS+)
# that retains persistent credentials (like key caches, etc), you
# need to enable the `CLOSE_SESSIONS' option in /etc/login.defs
# in order for login to stay around until after logout to call
# pam_close_session() and cleanup.
#
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth requisite pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth required pam_nologin.so
# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# (Replaces the `ENVIRON_FILE' setting from login.defs)
auth required pam_env.so
# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth required pam_unix.so nullok
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please uncomment and edit /etc/security/group.conf if you
# wish to use this.
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
# auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restraints on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Standard Un*x account and session
account required pam_unix.so
session required pam_unix.so
#
#
# For the anonymous user
session required /usr/local/lib/pam/pam_if.so user=biber -- \
/usr/local/lib/pam/pam_run.so /usr/local/bin/mkhome
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session required pam_limits.so
# Prints the last login info upon successful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the motd upon successful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
# Prints the status of the user's mailbox upon successful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
# can also enable a MAIL environment variable from here, but it
# is better handled by /etc/login.defs, since userdel also uses
# it to make sure that removing a user, also removes their mail
# spool file.
session optional pam_mail.so standard noenv
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries. For the login service, this is
# only used when the password expires and must be changed,
# so make sure this one and the one in /etc/pam.d/passwd
# are the same.
#
# (Add `md5' after the module name to enable MD5
# passwords the same way that `MD5_CRYPT_ENAB' would
# do under login.defs)
password required pam_unix.so
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
#session required pam_mkhomedir.so skel=/etc/skel umask=0022
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix_auth.so
account required pam_unix_acct.so
password required pam_unix_passwd.so shadow
session required pam_unix_session.so
session required /usr/local/lib/pam/pam_if.so user=biber -- /usr/local/lib/pam/pam_run.so /usr/local/bin/mkhome
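#!/bin/bash
#set -x
# Timestamped name for the archive of the previous anonymous home
datum=$(date +%y%m%d%H%M%S).tar.bz2
# Archive and remove the home directory set aside by the previous run
if test -d /home/biber.alt
then
    tar --bzip2 -cf /var/mon/.mon/biber.$datum /home/biber.alt
    rm -rf /home/biber.alt
fi
# Set the current home aside, owned by root
if test -d /home/biber
then
    mv /home/biber /home/biber.alt
    chown root:root /home/biber.alt
    chmod 745 /home/biber.alt
fi
# Recreate a fresh home from the skeleton directory
cp -r /usr/local/etc/skel.biber /home/biber
chown -R biber:biber /home/biber
chmod -R 755 /home/biber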
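
An added example, not part of the original mail and not the poster's code: a small parser for the /etc/pam.d file format that joins backslash-continued rules (as in the pam_if line of the login file) and lists which modules appear in only one service's stack, so the login and gdm configurations can be compared rule by rule. The sample text is constructed from a few lines of the two files above; the function names are hypothetical.

```python
import re

# Constructed sample input: a few rules copied from the two files quoted above.
LOGIN = """\
auth required pam_unix.so nullok
session required pam_unix.so
session required /usr/local/lib/pam/pam_if.so user=biber -- \\
/usr/local/lib/pam/pam_run.so /usr/local/bin/mkhome
session optional pam_lastlog.so
"""
GDM = """\
#%PAM-1.0
auth required pam_unix_auth.so
session required pam_unix_session.so
session required /usr/local/lib/pam/pam_if.so user=biber -- /usr/local/lib/pam/pam_run.so /usr/local/bin/mkhome
"""

# type, control (plain word or [value=action ...]), module, remaining arguments
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam(text):
    """Parse the text of an /etc/pam.d/<service> file into a list of rule dicts."""
    text = re.sub(r"\\\n", " ", text)            # backslash-newline continues a rule
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m is None:
            raise ValueError(f"malformed PAM rule: {raw!r}")
        mtype, control, module, args = m.groups()
        rules.append({"type": mtype.lstrip("-"), "control": control,
                      "module": module, "args": args.split()})
    return rules

def stack(rules, mtype):
    """Module file names, in evaluation order, for one management group."""
    return [r["module"].rsplit("/", 1)[-1] for r in rules if r["type"] == mtype]

def only_in_one(a, b, mtype):
    """Modules that appear in just one of the two services' stacks."""
    sa, sb = stack(a, mtype), stack(b, mtype)
    return [m for m in sa if m not in sb], [m for m in sb if m not in sa]

if __name__ == "__main__":
    login, gdm = parse_pam(LOGIN), parse_pam(GDM)
    print("session stack, login:", stack(login, "session"))
    print("session stack, gdm:  ", stack(gdm, "session"))
    print("only in one:", only_in_one(login, gdm, "session"))
```
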