Package: libpam-modules Version: 1.4.0-4 Severity: normal Dear Maintainer,
= Description of the use-case = I am using pam_mkhomedir on a file server (samba). Users are managed via LDAP (configured in smbd). The home directories of users are supposed to be created, as soon as the user accesses the corresponding personal share via samba. This works well, if `pam_mkhomedir` is enabled in "common-session" and "common-session-noninteractive". Additionally "obey pam restrictions = yes" needs to be specified in /etc/samba/smbd.conf. = Description of the issue = In theory, this works well together with the configuration distributed in the pam package. But one missing piece is missing, since /usr/share/pam-configs/mkhomedir contains the following line: Session-Interactive-Only: yes I am not sure, whether this line is necessary. For my specific use-case I need to remove this line in order to allow users to create their home directory via samba (non-interactively). # Description of local workarounds = In order to prevent my local modification from being overridden during package upgrades, I decided to create an adjusted copy of /usr/share/pam-configs/mkhomedir in that directory. Now I can select this custom module via "pam-auth-update" (and disable the original "mkhomedir"). This approach is obviously not good, since I changed the content of /usr/share/pam-configs (instead of some file below /etc). An alternative approach would be to change /etc/pam.d/common-session-noninteractive and tell "pam-auth-update" to stop managing the files below /etc/pam.d/. This is obviously not desirable. I am inclined to think, that enabling "mkhomedir" for non-interactive sessions as part of the "mkhomedir" configuration shipped by the pam package would not hurt its users. But maybe I am overlooking something ovious? Thank you for your time! Cheers, Lars
