pam_mount + pam_winbind + pam_krb5. All in one (?)
Okay.
I have Active Directory's users logging into Linux clients thanks to pam_winbind.
I have Samba Shares mounted at login and unmounted at logoff thanks to pam_mount.
I have Cups printing to a Windows Print Queue WITH user authentication thanks to a patched smbspool and Kerberos ticket.
What I need now is to retrieve kerberos tickets at login time WITHOUT prompting for a password. I know pam_krb5 does that, but I can't manage to fit it into /etc/pam.d/system-auth along with pam_winbind and pam_mount.
Thatś my system-auth file:
#%PAM-1.0
auth required pam_mount.so
auth sufficient pam_winbind.so
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
session optional pam_mount.so
Anyone may help me out?
Tks
|