Bug 232040
Summary: | pam_mount needs to be first entry in /etc/pam.d/SERVICE configuration | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kevin R. Page <redhat-bugzilla> |
Component: | pam_mount | Assignee: | Till Maas <opensource> |
Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-07-17 12:48:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kevin R. Page
2007-03-13 18:02:46 UTC
(In reply to comment #0) > Contrary to /usr/share/doc/pam_mount-0.18/README and anecdotal evidence of > #%PAM-1.0 > auth required pam_env.so > auth include system-auth If you look into /etc/pam.d/system-auth, which is included, you will notice that there is a "auth sufficent <something>" line in it. pam_mount needs to be invoked before any "auth sufficient" line, because only pam modules until the firs suceeding sufficient module will be used. This is somehow already mentioned in the README, except that the "include" keyword is not mentioned. Ah, i just noticed that pam_mount gets executed but does not get the password in this configuration. Hm, but maybe this is only the session part. I will ask upstream. From Fedora Core 5 release notes: http://download.fedora.redhat.com/pub/fedora/linux/core/5/i386/os/RELEASE-NOTES-en.html #%PAM-1.0 auth required pam_securetty.so auth include system-auth # no module should remain after 'include' if 'sufficient' might # be used in the included configuration file # pam_nologin moved to account phase - it's more appropriate there # other modules might be moved before the system-auth 'include' So I guess auth required pam_env.so auth include system-auth auth optional pam_mount.so use_first_pass will never work. There is an additional note now in upstreams repository, that will be included in the next upstream release: http://pam-mount.svn.sourceforge.net/viewvc/pam-mount/trunk/dry/pam_mount.8?r1=223&r2=222&pathrev=223 |