table of contents
PAM_CSYNC(8) | PAM_CSYNC(8) |
NAME¶
pam_csync - A PAM module to provide roaming home directories for a user session
SYNOPSIS¶
Edit the PAM system config /etc/pam.d/service and modify it as the following example shows:
...
auth required pam_env.so
auth required pam_unix2.so +++ auth optional pam_csync.so try_first_pass
account required pam_unix2.so
password requisite pam_pwcheck.so nullok cracklib
password required pam_unix2.so use_authtok nullok
session required pam_limits.so
session required pam_unix2.so
session optional pam_umask.so +++ session optional pam_csync.so
...
When "sufficient" is used in the second column, you must make sure that pam_csync is added before this entry as an authentication service. Otherwise pam_csync will not get executed should a previous PAM module succeed. Also be aware of the "include" statements. These make PAM look into the specified file. If there is a "sufficient" statement, then the pam_csync entry must either be in the included file before the "sufficient" statement or before the "include" statement.
... +++ auth required pam_csync.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_unix.so use_first_pass +++ session optional pam_csync.so
...
If pam_winbind or pam_krb5 is used, make sure that pam_csync in the session part is added after the pam_winbind or pam_krb5 module.
...
auth required pam_env.so
auth required pam_unix2.so
auth required pam_winbind.so use_first_pass +++ auth optional pam_csync.so try_first_pass
account required pam_unix2.so
account required pam_winbind.so use_first_pass
password sufficient pam_winbind.so
password requisite pam_pwcheck.so nullok cracklib
password required pam_unix2.so use_authtok nullok
session required pam_limits.so
session required pam_unix2.so
session optional pam_umask.so
session required pam_winbind.so +++ session optional pam_csync.so
...
DESCRIPTION¶
This module is aimed at environments with central file servers a user wishes to store his home directory.
The Authentication Module verifies the identity of a user and triggers a synchronization with the server on the first login and the last logout.
CONFIGURATION¶
The configuration file for the pam_csync module is pam_csync.conf. The file can be found at /etc/security/pam_csync.conf on most platforms.
The pam_csync.conf contains many comments documenting its use.
pam_csync can make use of a tabfile to replace a part of a uri to work with a DFS share.
OPTIONS¶
The Authentication Module supports six options: use_first_pass, try_first_pass, soft_try_pass, nullok, debug, silent
The following paragraphs list and describe each of these options.
use_first_pass
This option is used when the system administrator wants to enforce the same password across multiple modules. In this case the module will return PAM_AUTHINFO_UNAVAIL as exit code.
try_first_pass
soft_try_pass
nullok
debug
silent
TROUBLESHOOTING¶
Read the FAQ shipped with pam_csync.
BUGS¶
Please report bugs at https://dev.csync.org/.
SEE ALSO¶
pam(8), libcsync(7)
AUTHORS¶
Andreas Schneider <mail@cynapses.org>
COPYING¶
Copyright \(c) 2006-2008 Andreas Schneider. Free use of this software is granted under the terms of the GNU General Public License (GPL).
AUTHOR¶
Andreas Schneider
2020-06-10 |