|
Packit |
5f9837 |
=============
|
|
Packit |
5f9837 |
pam_cifscreds
|
|
Packit |
5f9837 |
=============
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
-------------------------------------------------------
|
|
Packit |
5f9837 |
PAM module to manage NTLM credentials in kernel keyring
|
|
Packit |
5f9837 |
-------------------------------------------------------
|
|
Packit |
5f9837 |
:Manual section: 8
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
SYNOPSIS
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Edit the PAM configuration files for the systems that you want to
|
|
Packit |
5f9837 |
automatically register NTLM credentials for, e.g. /etc/pam.d/login,
|
|
Packit |
5f9837 |
and modify as follows:
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
.. code-block:: perl
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
auth substack system-auth
|
|
Packit |
5f9837 |
+++ auth optional pam_cifscreds.so
|
|
Packit |
5f9837 |
auth include postlogin
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
session include system-auth
|
|
Packit |
5f9837 |
+++ session optional pam_cifscreds.so domain=DOMAIN
|
|
Packit |
5f9837 |
session include postlogin
|
|
Packit |
5f9837 |
...
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Change DOMAIN to the name of you Windows domain, or use host= as
|
|
Packit |
5f9837 |
described below.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
***********
|
|
Packit |
5f9837 |
DESCRIPTION
|
|
Packit |
5f9837 |
***********
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
The \ **pam_cifscreds**\ PAM module is a tool for automatically adding
|
|
Packit |
5f9837 |
credentials (username and password) for the purpose of establishing
|
|
Packit |
5f9837 |
sessions in multiuser mounts.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
When a cifs filesystem is mounted with the "multiuser" option, and does
|
|
Packit |
5f9837 |
not use krb5 authentication, it needs to be able to get the credentials
|
|
Packit |
5f9837 |
for each user from somewhere. The \ **pam_cifscreds**\ module can be used
|
|
Packit |
5f9837 |
to provide these credentials to the kernel automatically at login.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
In the session section of the PAM configuration file, the module can
|
|
Packit |
5f9837 |
either an NT domain name or a list of hostname or addresses.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
*******
|
|
Packit |
5f9837 |
OPTIONS
|
|
Packit |
5f9837 |
*******
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
\ **pam_cifscreds**\ supports a couple options which can be set in the PAM
|
|
Packit |
5f9837 |
configuration files. You must have one (and only one) of domain= or
|
|
Packit |
5f9837 |
host=.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
\ **debug**\
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Turns on some extra debug logging.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
\ **domain**\ =<NT domain name>
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Credentials will be added for the specified NT domain name.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
\ **host**\ =<hostname or IP address>[,...]
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Credentials will be added for the specified hostnames or IP addresses.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
*****
|
|
Packit |
5f9837 |
NOTES
|
|
Packit |
5f9837 |
*****
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
The pam_cifscreds PAM module requires a kernel built with support for
|
|
Packit |
5f9837 |
the \ **login**\ key type. That key type was added in v3.3 in mainline Linux
|
|
Packit |
5f9837 |
kernels.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Since \ **pam_cifscreds**\ adds keys to the session keyring, it is highly
|
|
Packit |
5f9837 |
recommended that one use \ **pam_keyinit**\ to ensure that a session keyring
|
|
Packit |
5f9837 |
is established at login time.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
SEE ALSO
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
cifscreds(1), pam_keyinit(8)
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
******
|
|
Packit |
5f9837 |
AUTHOR
|
|
Packit |
5f9837 |
******
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
The pam_cifscreds PAM module was developed by Orion Poplawski
|
|
Packit |
5f9837 |
<orion@nwra.com>.
|
|
Packit |
5f9837 |
|