|
Packit |
5f9837 |
=============
|
|
Packit |
5f9837 |
pam_cifscreds
|
|
Packit |
5f9837 |
=============
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
-------------------------------------------------------
|
|
Packit |
5f9837 |
PAM module to manage NTLM credentials in kernel keyring
|
|
Packit |
5f9837 |
-------------------------------------------------------
|
|
Packit |
5f9837 |
:Manual section: 8
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
SYNOPSIS
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Edit the PAM configuration files for the systems that you want to
|
|
Packit Service |
668931 |
automatically register NTLM credentials for, e.g. */etc/pam.d/login*,
|
|
Packit Service |
668931 |
and modify as follows::
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
auth substack system-auth
|
|
Packit |
5f9837 |
+++ auth optional pam_cifscreds.so
|
|
Packit |
5f9837 |
auth include postlogin
|
|
Packit |
5f9837 |
...
|
|
Packit Service |
668931 |
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
session include system-auth
|
|
Packit |
5f9837 |
+++ session optional pam_cifscreds.so domain=DOMAIN
|
|
Packit |
5f9837 |
session include postlogin
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Change DOMAIN to the name of you Windows domain, or use host= as
|
|
Packit |
5f9837 |
described below.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
***********
|
|
Packit |
5f9837 |
DESCRIPTION
|
|
Packit |
5f9837 |
***********
|
|
Packit |
5f9837 |
|
|
Packit Service |
668931 |
The ``pam_cifscreds`` PAM module is a tool for automatically adding
|
|
Packit |
5f9837 |
credentials (username and password) for the purpose of establishing
|
|
Packit |
5f9837 |
sessions in multiuser mounts.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
When a cifs filesystem is mounted with the "multiuser" option, and does
|
|
Packit |
5f9837 |
not use krb5 authentication, it needs to be able to get the credentials
|
|
Packit Service |
668931 |
for each user from somewhere. The ``pam_cifscreds`` module can be used
|
|
Packit |
5f9837 |
to provide these credentials to the kernel automatically at login.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
In the session section of the PAM configuration file, the module can
|
|
Packit |
5f9837 |
either an NT domain name or a list of hostname or addresses.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
*******
|
|
Packit |
5f9837 |
OPTIONS
|
|
Packit |
5f9837 |
*******
|
|
Packit |
5f9837 |
|
|
Packit Service |
668931 |
``pam_cifscreds`` supports a couple options which can be set in the PAM
|
|
Packit Service |
668931 |
configuration files. You must have one (and only one) of ``domain=`` or
|
|
Packit Service |
668931 |
``host=``.
|
|
Packit |
5f9837 |
|
|
Packit Service |
668931 |
debug
|
|
Packit Service |
668931 |
Turns on some extra debug logging.
|
|
Packit |
5f9837 |
|
|
Packit Service |
668931 |
domain=<NT domain name>
|
|
Packit Service |
668931 |
Credentials will be added for the specified NT domain name.
|
|
Packit |
5f9837 |
|
|
Packit Service |
668931 |
host=<hostname or IP address>[,...]
|
|
Packit Service |
668931 |
Credentials will be added for the specified hostnames or IP addresses.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
*****
|
|
Packit |
5f9837 |
NOTES
|
|
Packit |
5f9837 |
*****
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
The pam_cifscreds PAM module requires a kernel built with support for
|
|
Packit Service |
668931 |
the ``login`` key type. That key type was added in v3.3 in mainline Linux
|
|
Packit |
5f9837 |
kernels.
|
|
Packit |
5f9837 |
|
|
Packit Service |
668931 |
Since ``pam_cifscreds`` adds keys to the session keyring, it is highly
|
|
Packit Service |
668931 |
recommended that one use ``pam_keyinit`` to ensure that a session keyring
|
|
Packit |
5f9837 |
is established at login time.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
SEE ALSO
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
cifscreds(1), pam_keyinit(8)
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
******
|
|
Packit |
5f9837 |
AUTHOR
|
|
Packit |
5f9837 |
******
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
The pam_cifscreds PAM module was developed by Orion Poplawski
|
|
Packit |
5f9837 |
<orion@nwra.com>.
|