[OpenAFS] Off-topic, anyone tried this?
Michael Lasevich
openafslist@lasevich.net
Tue, 21 May 2002 17:23:34 -0700
Erm, I guess this is just poor wording on my end. I know how it gets the
value of the ~ (home directory).
I meant which part of pam (or login, or is it sshd?) executes "chdir ~"
command. It is clearly executed more than once, because I get "permission
denied" error BEFORE it executes pam_openafs_session(aklog), and yet it is
still changes directory to it AFTER aklog runs. At this point the error
message is not a problem, just a nuisance, but it would be nice to get rid
of it.
BTW, I got the pam_openafs_session to work. Turned out the module looked in
the wrong environment for KRB5CCFILE variable. I changed pam_getenv() call
to getenv() call and all is happy!!!
-Michael
----- Original Message -----
From: "Charles Clancy" <security@xauth.net>
To: "Michael Lasevich" <openafslist@lasevich.net>
Cc: "OpenAFS Info List" <openafs-info@openafs.org>
Sent: Tuesday, May 21, 2002 5:12 PM
Subject: Re: [OpenAFS] Off-topic, anyone tried this?
> > BTW, does anyone know which module sets the home dir? I get homedir not
> > found BEFORE aklog runs, thus even if it does work, I'll have a problem
> > with home dirs.
>
> None of them, actually. PAM does authentication, and NSS handles name
> service. The getpwent(3C) system call (among others) in libc consults
> /etc/nsswitch.conf to determine where to find that information. It never
> needs to be set during login; it just always "is". For example, you could
> "cd ~username" for a user that's not logged in, and it could still find
> their home directory.
>
> [ t charles clancy ]-[ tclancy@uiuc.edu ]-[ uiuc.edu/~tclancy ]
>
>