source-git / cifs-utils

Clone
Source Code
GIT

Blame pam_cifscreds.rst

c8 c8s master
  1.   fe28621cddc77e5b4d4f74ed9f93381d9ab28eda
  2.   pam_cifscreds.rst
Blob History Raw
Packit Service 09cdfc 
=============
Packit Service 09cdfc 
pam_cifscreds
Packit Service 09cdfc 
=============
Packit Service 09cdfc
Packit Service 09cdfc 
-------------------------------------------------------
Packit Service 09cdfc 
PAM module to manage NTLM credentials in kernel keyring
Packit Service 09cdfc 
-------------------------------------------------------
Packit Service 09cdfc 
:Manual section: 8
Packit Service 09cdfc
Packit Service 09cdfc 
********
Packit Service 09cdfc 
SYNOPSIS
Packit Service 09cdfc 
********
Packit Service 09cdfc
Packit Service 09cdfc 
Edit the PAM configuration files for the systems that you want to
Packit Service 664a73 
automatically register NTLM credentials for, e.g. */etc/pam.d/login*,
Packit Service 664a73 
and modify as follows::
Packit Service 09cdfc
Packit Service 09cdfc 
         ...
Packit Service 09cdfc 
         auth       substack     system-auth
Packit Service 09cdfc 
     +++ auth       optional     pam_cifscreds.so
Packit Service 09cdfc 
         auth       include      postlogin
Packit Service 09cdfc 
         ...
Packit Service 664a73
Packit Service 09cdfc 
         ...
Packit Service 09cdfc 
         session    include      system-auth
Packit Service 09cdfc 
     +++ session    optional     pam_cifscreds.so domain=DOMAIN
Packit Service 09cdfc 
         session    include      postlogin
Packit Service 09cdfc 
         ...
Packit Service 09cdfc
Packit Service 09cdfc 
Change DOMAIN to the name of you Windows domain, or use host= as
Packit Service 09cdfc 
described below.
Packit Service 09cdfc
Packit Service 09cdfc 
***********
Packit Service 09cdfc 
DESCRIPTION
Packit Service 09cdfc 
***********
Packit Service 09cdfc
Packit Service 664a73 
The ``pam_cifscreds`` PAM module is a tool for automatically adding
Packit Service 09cdfc 
credentials (username and password) for the purpose of establishing
Packit Service 09cdfc 
sessions in multiuser mounts.
Packit Service 09cdfc
Packit Service 09cdfc 
When a cifs filesystem is mounted with the "multiuser" option, and does
Packit Service 09cdfc 
not use krb5 authentication, it needs to be able to get the credentials
Packit Service 664a73 
for each user from somewhere. The ``pam_cifscreds`` module can be used
Packit Service 09cdfc 
to provide these credentials to the kernel automatically at login.
Packit Service 09cdfc
Packit Service 09cdfc 
In the session section of the PAM configuration file, the module can
Packit Service 09cdfc 
either an NT domain name or a list of hostname or addresses.
Packit Service 09cdfc
Packit Service 09cdfc 
*******
Packit Service 09cdfc 
OPTIONS
Packit Service 09cdfc 
*******
Packit Service 09cdfc
Packit Service 664a73 
``pam_cifscreds`` supports a couple options which can be set in the PAM
Packit Service 664a73 
configuration files. You must have one (and only one) of ``domain=`` or
Packit Service 664a73 
``host=``.
Packit Service 09cdfc
Packit Service 664a73 
debug
Packit Service 664a73 
  Turns on some extra debug logging.
Packit Service 09cdfc
Packit Service 664a73 
domain=<NT domain name>
Packit Service 664a73 
  Credentials will be added for the specified NT domain name.
Packit Service 09cdfc
Packit Service 664a73 
host=<hostname or IP address>[,...]
Packit Service 664a73 
  Credentials will be added for the specified hostnames or IP addresses.
Packit Service 09cdfc
Packit Service 09cdfc 
*****
Packit Service 09cdfc 
NOTES
Packit Service 09cdfc 
*****
Packit Service 09cdfc
Packit Service 09cdfc 
The pam_cifscreds PAM module requires a kernel built with support for
Packit Service 664a73 
the ``login`` key type. That key type was added in v3.3 in mainline Linux
Packit Service 09cdfc 
kernels.
Packit Service 09cdfc
Packit Service 664a73 
Since ``pam_cifscreds`` adds keys to the session keyring, it is highly
Packit Service 664a73 
recommended that one use ``pam_keyinit`` to ensure that a session keyring
Packit Service 09cdfc 
is established at login time.
Packit Service 09cdfc
Packit Service 09cdfc 
********
Packit Service 09cdfc 
SEE ALSO
Packit Service 09cdfc 
********
Packit Service 09cdfc
Packit Service 09cdfc 
cifscreds(1), pam_keyinit(8)
Packit Service 09cdfc
Packit Service 09cdfc 
******
Packit Service 09cdfc 
AUTHOR
Packit Service 09cdfc 
******
Packit Service 09cdfc
Packit Service 09cdfc 
The pam_cifscreds PAM module was developed by Orion Poplawski
Packit Service 09cdfc 
<orion@nwra.com>.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation