[Decaf-devel] Re: [pam_mount] Why does it want my password?
Joachim Breitner
nomeata at debian.org
Tue Dec 19 16:53:12 CET 2006
Hi,
Am Dienstag, den 19.12.2006, 16:49 +0100 schrieb Jan Engelhardt:
> >> >that would leave the home directory unprotected. (It is protected by a
> >> >tmpfs overlay using unionfs)
> >>
> >> Unprotected? What, where? If it is not mounted at all for whatever
> >> reason, how can it be unprotected - ok where did I miss something?
> >
> >No, I just did not really explain what I’m doing: For an internet cafe
> >machine I am mounting a tmpfs on /somewhere, and then I am creating a
> >unionfs based on /home/user(ro) and /somewhere(rw), and that is mounted
> >on /home/user again. This way the user has a fully functional home
> >directory, but upon log out, all his changes are removed. But if
> >pam-mount would fail, then he might be using the original home directory
> >directly, which is not desired. See
> >http://wiki.debian.org/DeCaf/PAMSetup
>
> In that case, /home/user would remain read-only, hence, no problem
> (except maybe in starting apps)
Well, if mod_mount does nothing, then /home/user is readable as usual.
There is nothing special about it (until unionfs overlays it with the
layered mount)
> >If it is too hard to make pam_mount detect that it does not need a
> >password, then I’ll just pass a dummy password to pam in my pam module,
> >that’s a hack as well, but a small one.
>
> Well I can add an option (one like 'use_first_pass') so that you
> could force pam_mount on a global basis not to ever request a
> password.
That sounds good. Other users with strange pam authenticators might
benefit as well...
Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
nomeata at debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: joachimbreitner at amessage.de | http://people.debian.org/~nomeata
More information about the Decaf-devel
mailing list