source-git / cifs-utils

Clone
Source Code
GIT

Blame pam_cifscreds.rst

c8 c8s master
  1.   3d70ef9f24034386c8f2cb6c1e7bb674910393aa
  2.   pam_cifscreds.rst
Blob History Raw
Packit 5f9837 
=============
Packit 5f9837 
pam_cifscreds
Packit 5f9837 
=============
Packit 5f9837
Packit 5f9837 
-------------------------------------------------------
Packit 5f9837 
PAM module to manage NTLM credentials in kernel keyring
Packit 5f9837 
-------------------------------------------------------
Packit 5f9837 
:Manual section: 8
Packit 5f9837
Packit 5f9837 
********
Packit 5f9837 
SYNOPSIS
Packit 5f9837 
********
Packit 5f9837
Packit 5f9837 
Edit the PAM configuration files for the systems that you want to
Packit Service 668931 
automatically register NTLM credentials for, e.g. */etc/pam.d/login*,
Packit Service 668931 
and modify as follows::
Packit 5f9837
Packit 5f9837 
         ...
Packit 5f9837 
         auth       substack     system-auth
Packit 5f9837 
     +++ auth       optional     pam_cifscreds.so
Packit 5f9837 
         auth       include      postlogin
Packit 5f9837 
         ...
Packit Service 668931
Packit 5f9837 
         ...
Packit 5f9837 
         session    include      system-auth
Packit 5f9837 
     +++ session    optional     pam_cifscreds.so domain=DOMAIN
Packit 5f9837 
         session    include      postlogin
Packit 5f9837 
         ...
Packit 5f9837
Packit 5f9837 
Change DOMAIN to the name of you Windows domain, or use host= as
Packit 5f9837 
described below.
Packit 5f9837
Packit 5f9837 
***********
Packit 5f9837 
DESCRIPTION
Packit 5f9837 
***********
Packit 5f9837
Packit Service 668931 
The ``pam_cifscreds`` PAM module is a tool for automatically adding
Packit 5f9837 
credentials (username and password) for the purpose of establishing
Packit 5f9837 
sessions in multiuser mounts.
Packit 5f9837
Packit 5f9837 
When a cifs filesystem is mounted with the "multiuser" option, and does
Packit 5f9837 
not use krb5 authentication, it needs to be able to get the credentials
Packit Service 668931 
for each user from somewhere. The ``pam_cifscreds`` module can be used
Packit 5f9837 
to provide these credentials to the kernel automatically at login.
Packit 5f9837
Packit 5f9837 
In the session section of the PAM configuration file, the module can
Packit 5f9837 
either an NT domain name or a list of hostname or addresses.
Packit 5f9837
Packit 5f9837 
*******
Packit 5f9837 
OPTIONS
Packit 5f9837 
*******
Packit 5f9837
Packit Service 668931 
``pam_cifscreds`` supports a couple options which can be set in the PAM
Packit Service 668931 
configuration files. You must have one (and only one) of ``domain=`` or
Packit Service 668931 
``host=``.
Packit 5f9837
Packit Service 668931 
debug
Packit Service 668931 
  Turns on some extra debug logging.
Packit 5f9837
Packit Service 668931 
domain=<NT domain name>
Packit Service 668931 
  Credentials will be added for the specified NT domain name.
Packit 5f9837
Packit Service 668931 
host=<hostname or IP address>[,...]
Packit Service 668931 
  Credentials will be added for the specified hostnames or IP addresses.
Packit 5f9837
Packit 5f9837 
*****
Packit 5f9837 
NOTES
Packit 5f9837 
*****
Packit 5f9837
Packit 5f9837 
The pam_cifscreds PAM module requires a kernel built with support for
Packit Service 668931 
the ``login`` key type. That key type was added in v3.3 in mainline Linux
Packit 5f9837 
kernels.
Packit 5f9837
Packit Service 668931 
Since ``pam_cifscreds`` adds keys to the session keyring, it is highly
Packit Service 668931 
recommended that one use ``pam_keyinit`` to ensure that a session keyring
Packit 5f9837 
is established at login time.
Packit 5f9837
Packit 5f9837 
********
Packit 5f9837 
SEE ALSO
Packit 5f9837 
********
Packit 5f9837
Packit 5f9837 
cifscreds(1), pam_keyinit(8)
Packit 5f9837
Packit 5f9837 
******
Packit 5f9837 
AUTHOR
Packit 5f9837 
******
Packit 5f9837
Packit 5f9837 
The pam_cifscreds PAM module was developed by Orion Poplawski
Packit 5f9837 
<orion@nwra.com>.

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation