From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.6) Gecko/20040115 Epiphany/1.0.7 Description of problem: Enclosed you should find a patch that adds support to authconfig for configuring pam_mount. Pam_mount is a PAM module that allows one to use their system password to mount volumes at login time. Several people have expresed interest in seeing pam_mount in Fedora and in order for this to be done right, authconfig must support pam_mount. Currently, the pam_mount package itself is well into the Fedora QA process. The patch itself works, though the code to read and write pam_mount.conf is a little rough. Pam_mount includes and uses the dot.conf library but I did not want to introduce this dependency to authconfig. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: Run authconfig and notice it can not configure pam_mount. Additional info:
Created attachment 97476 [details] Adds pam_mount support to authconfig.
In short, the patch looks sound overall, but it has its problems. I agree that the file read/write code is very rough, and needs to be refined before I'd trust it with other people's configuration files. It also needs additional code to expose the settings in the graphical counterpart.
I have looked at the GTK/Python code. Unfortunately, I am getting the following error from authconfig-gtk.py (I use a PowerPC-based computer): Traceback (most recent call last): File "./authconfig-gtk.py", line 2, in ? import authconfig, gettext, os, signal, sys ImportError: /home/mike/development/authconfig-4.6-1-pam_mount/authconfig-4.6-1/authconfigmodule.so: R_PPC_REL24 relocation at 0x0fdacec8 for symbol `strcmp' out of range Once I figure that out, I'll look at authconfig-gtk.py more. Until then, I will focus on the configuration reading and writing code.
Created attachment 97532 [details] Adds pam_mount support to authconfig/authconfig-gtk.py. This patch adds pam_mount support to authconfig-gtk.py as well. It is still rough, but I plan to continue work on it. The issues with reading and writing pam_mount.conf still exist (the code is too brittle).
Created attachment 97561 [details] Adds pam_mount support to authconfig/authconfig-gtk.py. This version of the patch cleans up the pam_mount.conf reading and writing code a lot. Also, the GTK interface is now more complete.
Created attachment 98343 [details] Adds pam_mount support to authconfig/authconfig-gtk.py.
The latest patch won't work for me. It fails on a FC2test1 system with gcc -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -O2 -g -pipe -march=i386 -mcpu=i686 -fPIC -Wall -Wunused -Wuninitialized -Wimplicit -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wcast-align -I/usr/include/python2.3 -Wall -O2 -g -pipe -march=i386 -mcpu=i686 -fPIC -Wall -Wunused -Wuninitialized -Wimplicit -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wcast-align -o authconfigmodule.so -shared authconfigmodule.o authinfo.o dnsclient.o shvar.o -lglib-2.0 -lresolv -lutil make[2]: *** No rule to make target `pyauthconfig.c', needed by `pyauthconfig.o'. Stop. make[2]: Leaving directory `/home/rxc13/rpm/BUILD/authconfig-4.6.1-1' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/rxc13/rpm/BUILD/authconfig-4.6.1-1' make: *** [all] Error 2 It seems to build if, in the Makefile, I move pyauthconfig.py from pythonsite_PROGRAMS to pkgdata_SCRIPTS. Also, even if debug is set to 1, the GTK interface shows it as disabled (although it IS preserved when you save the configuration back). More reports as I test the patch.
I encountered a few glitches with a stock installation, but the bulk of them seems to be due to the default pam_mount.conf file and thus out of the scope of this report. The list in the volume window is too small, in the initial configuration with no volumes configured, as well as when you add volumes or reopen the window. It only shows one volume at a time. Should the window be resizable, maybe? Also, there's no CIFS option in the volume type chooser. This might be important as FC2 dropped SMB in favour of CFS. One feature that might help new or occasional users is making sure that the options in the "required" list are present in the "allow" list (or that the latter contains a "*"). Since it's a GUI tool, checks like this are IMHO necessary. Tooltips would help a lot, but I just realised that there are no other tooltips anywhere else in the program. Maybe that's better left for a separate report.
Created attachment 98411 [details] Adds pam_mount support to authconfig/authconfig-gtk.py. I made the following changes to my patch (thanks Rudi!): 1. The deprecated -S option is no longer used in the default cifsmount definition. 2. The pyauthconfig.py module should now install properly. 3. The debug and mkmountpoint checkboxes in the pam_mount configuration window now work. 4. The CIFS filesystem type is now in the list of available types when adding or editing a volume definition. 5. The GTK windowsizes should now be more sane.
Created attachment 98514 [details] Adds pam_mount support to authconfig/authconfig-gtk.py. Added some user input sanity checking to my patch. For example, authconfig-gtk now complains if one tries to configure a CIFS volume without a server. The infrastructure I added can be used to easily add checks for the configuration of the other PAM modules supported.
Comment on attachment 98514 [details] Adds pam_mount support to authconfig/authconfig-gtk.py. Authconfig is being rewritten completely in Python and the newt tui is deprecated (no new features).
Supporting pam_mount even when it isn't included in Fedora Core in authconfig isn't something which has too high priority. Authconfig OTOH should try hard not to break existing pam configuration - this is my priority to fix currently. Closing this bug as wontfix at least till pam_mount is included in FC.
There is now a pam_mount package in Fedora Extras.
*** Bug 188253 has been marked as a duplicate of this bug. ***
Would it be possible at a first step make authconfig add the correct lines to /etc/pam.d/system-auth-ac to load pam_mount and add additional features to edit /etc/security/pam_mount.conf later? This would help me a lot. As far as I know there is no possibility to add custom lines to /etc/pam.d/system-auth-ac which would maybe be usefull for other additional pam modules, as well.
You can point the /etc/pam.d/system-auth symlink to /etc/pam.d/system-auth-local and make it contain: auth include system-auth-ac account include system-auth-ac password include system-auth-ac session include system-auth-ac Then you can modify this file to call pam_mount.