Hi Petter, On Sun, May 26, 2013 at 11:41:48AM +0200, Petter Reinholdtsen wrote: > [Andreas B. Mundt] > > [1] Add 'session required pam_mkhomedir.so skel=/etc/skel umask=0027' > > to /etc/pam.d/common-session > > However this only creates the directories when no NFS-homedirs are > > availabel. To create the directories in any login, I use > > libpam-script > > (Cf. > > http://anonscm.debian.org/gitweb/?p=collab-maint/debian-lan.git;a=blob;f=fai/config/scripts/ROAMING/10-home_nfs4_krb5;h=9b6b6d3749483b6ff9bfd207f21f5a8698019d46;hb=0600527f83621ba2a09fd3346ea23f2fe5884f77) > > > > Why do you recreate the functionallity of libpam-mkhome using a > libpam-script script? >
If a user logs in the first time, he has to be in the debian-lan network. In that case the debian-lan home directory is mounted, and therefore libpam-mkhome does not create anything. The user has no local directory to drop data to work on later when being away from the debian-lan network. If later the user logs in away from the debian-lan network, his local home directory will be created by libpam-mkhome. He has to go back to the network now, to fetch his data for off-line use. By adding: cp -pR /etc/skel $HOMEDIR chmod 750 $HOMEDIR chown -R $PAM_USER:$PAM_USER $HOMEDIR to the script executed by libpam-script (which is needed for kerberos keys anyway if you use kerberized NFS and no machine key), there is no need for the repeated logins. Instead of login in three times: first: on-line to make credentials available second: off-line to create the home directory third: on-line to fetch data to work on off-line it is sufficient to log in on-line, your local home directory will already be available, you drop the data needed for off-line work there and it will be available for off-line use. So far this seems to work pretty fine. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130526101313.GA3942@fuzi