[OpenAFS] Off-topic, anyone tried this?

Michael Lasevich openafslist@lasevich.net
Tue, 21 May 2002 17:23:34 -0700

Erm, I guess this is just poor wording on my end. I know how it gets the
value of the ~ (home directory).

 I meant which part of pam (or login, or is it sshd?) executes "chdir ~"
command. It is clearly executed more than once, because I get "permission
denied" error BEFORE it executes pam_openafs_session(aklog), and yet it is
still changes directory to it AFTER aklog runs. At this point the error
message is not a problem, just a nuisance, but it would be nice to get rid
of it.

BTW, I got the pam_openafs_session to work. Turned out the module looked in
the wrong environment for KRB5CCFILE variable. I changed pam_getenv() call
to getenv() call and all is happy!!!


----- Original Message -----
From: "Charles Clancy" <security@xauth.net>
To: "Michael Lasevich" <openafslist@lasevich.net>
Cc: "OpenAFS Info List" <openafs-info@openafs.org>
Sent: Tuesday, May 21, 2002 5:12 PM
Subject: Re: [OpenAFS] Off-topic, anyone tried this?

> > BTW, does anyone know which module sets the home dir? I get homedir not
> > found BEFORE aklog runs, thus even if it does work, I'll have a problem
> > with home dirs.
> None of them, actually.  PAM does authentication, and NSS handles name
> service.  The getpwent(3C) system call (among others) in libc consults
> /etc/nsswitch.conf to determine where to find that information.  It never
> needs to be set during login; it just always "is".  For example, you could
> "cd ~username" for a user that's not logged in, and it could still find
> their home directory.
> [  t charles clancy  ]-[  tclancy@uiuc.edu  ]-[  uiuc.edu/~tclancy  ]