[Decaf-devel] Re: [pam_mount] Why does it want my password?

Joachim Breitner nomeata at debian.org
Tue Dec 19 16:38:42 CET 2006


Hi,

On Tuesday, 19.12.2006, at 16:31 +0100, Jan Engelhardt wrote:
> >> pam_mount should always be optional. (Though that won't solve
> >> the problem.)
> >
> >Really? In this case, a failure in pam_mount should abort the login, as
> 
> Well _in the_ event that you want it to fail, "required". But I think
> that is a rare case. At least give the user _some_ shell so he can
> ssh to somewhere else in case something got fubared.
> 
> >that would leave the home directory unprotected. (It is protected by a
> >tmpfs overlay using unionfs)
> 
> Unprotected? What, where? If it is not mounted at all for whatever
> reason, how can it be unprotected - ok where did I miss something?

No, I just did not really explain what I’m doing: For an internet cafe
machine I am mounting a tmpfs on /somewhere, and then I am creating a
unionfs based on /home/user(ro) and /somewhere(rw), and that is mounted
on /home/user again. This way the user has a fully functional home
directory, but upon logout, all his changes are removed. But if
pam_mount were to fail, then he might be using the original home directory
directly, which is not desired. See
http://wiki.debian.org/DeCaf/PAMSetup

If it is too hard to make pam_mount detect that it does not need a
password, then I’ll just pass a dummy password to PAM in my PAM module;
that’s a hack as well, but a small one.

Greetings,
Joachim

-- 
Joachim "nomeata" Breitner
Debian Developer
  nomeata at debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: joachimbreitner at amessage.de | http://people.debian.org/~nomeata
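
The failure mode discussed in this message (pam_mount fails and the session falls through to the real home directory) can be caught with a fail-closed check of the mount table. The script below is an added example, not part of the original post or of pam_mount; the function names and the sample mount lines are constructed for illustration, and it assumes the paths /home/user and /somewhere named in the message.

```shell
#!/bin/sh
# Added example (not from the thread): fail-closed check for the kiosk home.
# Mount table format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# top_fstype MOUNTS_FILE MOUNTPOINT
# Print the fstype of the last (topmost) mount on MOUNTPOINT, or nothing.
# Mount points containing spaces (\040 in /proc/mounts) are not handled.
top_fstype() {
    awk -v mp="$2" '$2 == mp { t = $3 } END { if (t != "") print t }' "$1"
}

# session_home_ok MOUNTS_FILE HOME_DIR SCRATCH_DIR
# Succeed only if SCRATCH_DIR is a tmpfs and HOME_DIR is covered by unionfs.
session_home_ok() {
    [ "$(top_fstype "$1" "$3")" = "tmpfs" ] || return 1
    [ "$(top_fstype "$1" "$2")" = "unionfs" ] || return 1
    return 0
}

# write_sample_mounts FILE STATE  (constructed sample data)
# STATE: overlay = both mounts present, tmpfs-only = union step failed,
#        none = pam_mount did nothing.
write_sample_mounts() {
    {
        echo "/dev/sda1 / ext3 rw 0 0"
        echo "/dev/sda2 /home ext3 rw 0 0"
        case "$2" in overlay|tmpfs-only)
            echo "tmpfs /somewhere tmpfs rw 0 0" ;;
        esac
        case "$2" in overlay)
            echo "unionfs /home/user unionfs rw,dirs=/somewhere=rw:/home/user=ro 0 0" ;;
        esac
    } > "$1"
}

# Demo: evaluate all three states against the paths used in the message.
tmp=$(mktemp)
for state in overlay tmpfs-only none; do
    write_sample_mounts "$tmp" "$state"
    if session_home_ok "$tmp" /home/user /somewhere; then
        echo "$state: overlay in place, session may proceed"
    else
        echo "$state: original home exposed, refuse the session"
    fi
done
rm -f "$tmp"
```

On a live system the first argument would be /proc/mounts, and a non-zero result from the check would be treated as a reason to refuse the session rather than continue with the unprotected directory.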



