I'm configuring a laptop and trying to combine pam_ccreds, pam_unix and
pam_krb5 to use Kerberos or NIS passwords if they're available - i.e. the
laptop's plugged into the network - and cached credentials from a previously
successful network authentication if not. The home directory should be
different for the two logins as well - an NFS home when on the network and a
directory on the local disk when disconnected.

I have "passwd: compat" in /etc/nsswitch.conf and

    +@
    mfg:x:12345:12345:Michael Gordon:/localdisk/home/mfg:/bin/bash

in /etc/passwd so that it uses the NIS passwd entry if it's available and
the /etc/passwd one otherwise.

The problem is that I can't work out the right combination of modules and
actions in /etc/pam.d/system_auth to get this to work. The logic I want
is basically

    If pam_unix succeeds
        write credentials into pam_ccred's database
        jump to DONE
    if pam_krb5 succeeds
        write credentials into pam_ccred's database
        jump to DONE
    if pam_ccred succeeds
        jump to DONE
    Login fails
    DONE:
    Any other modules that PAM needs

I've tried various combinations, with results including logins being refused
entirely, printing "You have been logged on using cached credentials"
and dropping back to the login prompt, and any password being accepted.

Michael
--
Quidquid latine dictum sit, altum viditur.
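
Added example, not part of the original post: one possible auth stack for the logic described above, together with a simplified Python model of Linux-PAM's [value=action] handling that checks the stack against the online, wrong-password and offline cases. The stack itself, the simulated module return codes (including pam_krb5 reporting authinfo_unavail when no KDC is reachable) and all Python names are assumptions; `done` here ends the auth stack instead of jumping to later modules.

```python
# Added example (constructed): candidate auth stack plus a simplified model of
# Linux-PAM's [value=action] evaluation, to check it against the desired logic.
STACK = """\
auth [success=2 default=ignore]                    pam_unix.so
auth [success=1 authinfo_unavail=ignore default=2] pam_krb5.so use_first_pass
auth [default=done]                                pam_ccreds.so action=validate use_first_pass
auth [default=done]                                pam_ccreds.so action=store use_first_pass
auth [default=bad]                                 pam_ccreds.so action=update use_first_pass
"""

def parse(stack):
    """Turn each line into (module key, {return code: action})."""
    rules = []
    for line in stack.splitlines():
        control, args = line.split("[", 1)[1].split("]", 1)
        actions = dict(pair.split("=") for pair in control.split())
        key = " ".join(w for w in args.split() if not w.endswith("_pass"))
        rules.append((key, actions))
    return rules

def evaluate(rules, returns):
    """returns maps module key -> simulated return code; gives (result, modules run)."""
    impression, status, ran, i = None, "must_fail", [], 0
    while i < len(rules):
        key, actions = rules[i]
        code = returns[key]
        act = actions.get(code, actions["default"])  # every line above has a default
        ran.append(key)
        i += 1
        if act.isdigit():
            i += int(act)                      # jump: skip the next N modules
        elif act in ("ok", "done"):
            if impression is None or (impression == "pos" and status == "success"):
                impression, status = "pos", code
            if act == "done" and impression == "pos":
                break
        elif act in ("bad", "die"):
            if impression != "neg":
                impression, status = "neg", code
            if act == "die":
                break
        # "ignore": the module's result does not count
    if status == "success" and impression != "pos":
        status = "must_fail"                   # nothing positive: fail closed
    return status, ran

def login(unix, krb5, cached):
    """Simulate one login given each module's (assumed) return code."""
    returns = {"pam_unix.so": unix, "pam_krb5.so": krb5,
               "pam_ccreds.so action=validate": cached,
               "pam_ccreds.so action=store": "success",
               "pam_ccreds.so action=update": "success"}
    return evaluate(parse(STACK), returns)
```

In this model a password rejected by a reachable KDC never reaches the cache check, and a failed cache check offline ends the stack with the failure code, so neither path can produce the "any password accepted" result.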