Re: PAM and the loginwindow.app
Re: PAM and the loginwindow.app
- Subject: Re: PAM and the loginwindow.app
- From: Ben Greenfield <email@hidden>
- Date: Sat, 14 Feb 2009 10:55:54 -0500
On Feb 14, 2009, at 10:26 AM, Patrice Matthias Brend'amour wrote:
PAM is not the Problem...
But the Loginwindow.app is..
It seems it doesn't use PAM at all.
Otherwise i would see debug output from my module in the syslog. Or
am I missing something?
I could be wrong but I think if you configure a service to use pam
then the gui's keychain manages the password for you.
No matter what the auth mech is.
Loginwindow.app will pass approved auth credentials to keychain for
management.
In your case it seems that everyone has an identity on an ldap
server. Those same users have access to the sshfs share with same
identities.
I think you may need to get the os x client machines to trust sshfs
server and sshfs server to trust the clients.
I think changes may be needed to /etc/pam.conf then make the sshfs
run with pam in the /etc/pam.d services.
It is quite possible that this isn't the right list for my answer and
maybe even your question.
So maybe we should take it off list if you think I might be helpful.
Thanks,
Ben
---
Patrice Matthias Brend'amour
email@hidden
University of Konstanz, Germany
---
Am 14.02.2009 um 16:20 schrieb Ben Greenfield:
I may be missing the obvious... this may not be relevant at all to
your situation
In the past I was able to get an Open Directory server to act as
the auth mechnism for linux and os x machines.
The Linux machines were using pam to auth against the OD server
and the OS X used the OD for auth as well.
I used the dscl to set the homedir path
The home directories were on a 3rd Linux machine, I used the dscl
to set the homedir path for the os x and the linux machines.
I was then able to use pam auth for SVN, ssh, webdav,.... for all
the clients.
Long story short.
It should be straight forward. Get pam auth working for the OS X
clients and map the appropriate path for home dirs in the ldap
server.
Here is the man page for pam on OS X.
http://developer.apple.com/documentation/Darwin/Reference/ManPages/
man8/pam.8.html
Ben
On Feb 14, 2009, at 9:39 AM, Finlay Dobbie wrote:
On Fri, Feb 13, 2009 at 8:06 PM, Patrice Matthias Brend'amour
<email@hidden> wrote:
Hi.
I'm currently integrating 10 iMacs in an existing Linux computer
pool for
our students at the University of Konstanz.
There we have an LDAP Server for authentication, no AD, no NFS/AFP.
Authentication on OS X with LDAP works fine but I have a little
problem with
the homedirectories.
Our sysadmins want me to mount the users home dir via sshfs to
the mac. So
far, no problem. Sshfs works on OS X. But we need to mount the
homedir at
login time (with the password).
You may want to take a look at
http://developer.apple.com/technotes/tn2008/tn2228.html
-- Finlay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden