| Summary: | pam_mount does not reuse password after latest update | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Milan Kerslager <milan.kerslager> | ||||||||
| Component: | pam_mount | Assignee: | Till Maas <opensource> | ||||||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
| Severity: | unspecified | Docs Contact: | |||||||||
| Priority: | unspecified | ||||||||||
| Version: | 19 | CC: | jengelh, milan.kerslager, opensource, steve | ||||||||
| Target Milestone: | --- | ||||||||||
| Target Release: | --- | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2013-09-21 15:10:57 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Attachments: |
|
||||||||||
|
Description
Milan Kerslager
2013-08-26 12:41:38 UTC
Milan, would you please add your pam and pam_mount config files? Jan, would you please take a look? Created attachment 790671 [details]
pam_mount.conf.xml
Created attachment 790686 [details]
/etc/pam.d/system-auth-ac
Created attachment 790688 [details]
system logs, pam_mount debug was on when huzva logged in
The password has to be entered twice to mount home directory form the server. Login server (contacted by winbind, Samba PDC) has the huzva account, there is no huzva account locally. The same server provide home directory for the user. So the password is the same.
Well. I'm not able to reproduce the behaviour of downgrading to older pam_mount at home. So I have to investigate it tomorrow at work once more. Milan, do you have any news? I can provide you with an update to 2.14, but it does not seem to contain many changes that might help here. I have a tip to use "enable_pam_password" option, but I did not try it yet by myself. Something like: auth optional pam_mount.so enable_pam_password session optional pam_mount.so enable_pam_password There is no "enable_pam_password" option, hence there is nothing to document. Your problem is that pam_mount.so is after "sufficient pam_unix.so". Under certain circumstances — namely that your account is managed through /etc/shadow — pam_mount's auth stage never gets called and thus cannot grab the password. This is already "resolved" in my git working copy where I have a modification cooking that updates the documentation about the importance of where "auth optional pam_mount.so" is supposed to go. >There is no "enable_pam_password" option, hence there is nothing to document.
Well spoke to soon — the option is there, but it is the default anyway. You would need a very good reason to use "disable_pam_password" (=force password re-entry) IMO.
>I tryed to use undocumented parametr enable_pam_password
And because three is a charm, it is even (loosely) documented: in doc/options.txt. :)
As far as I can see, this is not a bug in pam_mount. If it is, please re-open this bug. |