Matus UHLAR - fantomas writes:
On 08.06.15 08:30, Sam Varshavchik wrote:
>Unfortunately, this is not architecturally possible. authdaemond runs
>as a standalone daemon, and it handles all authentication requests.
>It has no direct knowledge of when individual processes get created,
>and when they terminate.

but it could call session init after successful verification, and session close immediately after, right? (of course, only if admin sets it up, to prevent others from useless pam calls)

That's another option. If that's all that pam session is used for, is to invoke the pam_mkhomedir.so module, this should work.

>However, it might be possible to implement this directly.

do you mean directly in smtp/imap/pop3 servers?

Yes.

But let's try the other way, first. Can you try patching courier-authlib as follows, and see how well it works. If this works, then all that needs to be done is make this part conditional upon a setting.

diff --git a/courier-authlib/authpam.c b/courier-authlib/authpam.c index 9d40e69..49d9bb6 100644 --- a/courier-authlib/authpam.c +++ b/courier-authlib/authpam.c @@ -150,6 +150,25 @@ static int dopam(pam_handle_t **pamh, int *started) DPRINTF("pam_acct_mgmt failed, result %d", retval); } } + + if (retval == PAM_SUCCESS) + { + retval=pam_open_session(*pamh, 0); + if (retval != PAM_SUCCESS) + { + DPRINTF("pam_open_session failed, result %d", retval); + } + } + + if (retval == PAM_SUCCESS) + { + retval=pam_close_session(*pamh, 0); + if (retval != PAM_SUCCESS) + { + DPRINTF("pam_close_session failed, result %d", retval); + } + } + if (retval == PAM_SUCCESS) { DPRINTF("dopam successful");
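
Review bot: in the second added block, the result of pam_close_session() is written into retval, so a failure while closing the session makes dopam report failure even though the pam_acct_mgmt step above and pam_open_session() both returned PAM_SUCCESS. If the session is opened only for its side effects, hold the close result in a separate local and just log it with DPRINTF, leaving retval as it was after pam_open_session(). Separately, both new blocks run on every successful dopam call; when the setting mentioned in the message is added, one guard should cover the open and the close together so a session is never opened without being closed.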
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users