Re: PAM and the loginwindow.app
On Feb 14, 2009, at 10:26 AM, Patrice Matthias Brend'amour wrote:

PAM is not the Problem... But the Loginwindow.app is..

So maybe we should take it off list if you think I might be helpful.

Thanks,
Ben

---
Patrice Matthias Brend'amour
patrice.brendamour@uni-konstanz.de
University of Konstanz, Germany
---

On 14.02.2009 at 16:20, Ben Greenfield wrote:

Long story short. Here is the man page for pam on OS X.

Ben

On Feb 14, 2009, at 9:39 AM, Finlay Dobbie wrote:

On Fri, Feb 13, 2009 at 8:06 PM, Patrice Matthias Brend'amour <patrice.brendamour@uni-konstanz.de> wrote:

You may want to take a look at http://developer.apple.com/technotes/tn2008/tn2228.html

--
Finlay

It seems it doesn't use PAM at all. Otherwise I would see debug output from my module in the syslog. Or am I missing something?

I could be wrong but I think if you configure a service to use pam then the gui's keychain manages the password for you. No matter what the auth mech is. Loginwindow.app will pass approved auth credentials to keychain for management. In your case it seems that everyone has an identity on an ldap server. Those same users have access to the sshfs share with same identities. I think you may need to get the os x client machines to trust sshfs server and sshfs server to trust the clients.

I think changes may be needed to /etc/pam.conf then make the sshfs run with pam in the /etc/pam.d services.

It is quite possible that this isn't the right list for my answer and maybe even your question.

I may be missing the obvious... this may not be relevant at all to your situation.

In the past I was able to get an Open Directory server to act as the auth mechanism for linux and os x machines. The Linux machines were using pam to auth against the OD server and the OS X used the OD for auth as well. The home directories were on a 3rd Linux machine, I used the dscl to set the homedir path for the os x and the linux machines. I was then able to use pam auth for SVN, ssh, webdav,.... for all the clients.

It should be straightforward. Get pam auth working for the OS X clients and map the appropriate path for home dirs in the ldap server.

http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/pam.8.html

Hi.

I'm currently integrating 10 iMacs in an existing Linux computer pool for our students at the University of Konstanz. There we have an LDAP Server for authentication, no AD, no NFS/AFP. Authentication on OS X with LDAP works fine but I have a little problem with the home directories. Our sysadmins want me to mount the users' home dir via sshfs to the mac. So far, no problem. Sshfs works on OS X. But we need to mount the homedir at login time (with the password).
participants (1)
-
Ben Greenfield