pam_mkhomedir causes segmentation fault after su

Gary Tay Teng Teck garyttt at singnet.com.sg
Fri Feb 11 01:58:50 UTC 2005


Ed Sponsler wrote:

>I have RHEL 3.0 AS with ldap configured to authenticate and
>pam_mkhomedir in /etc/pam.d/system-auth to create home directories if
>they don't exist. Everything works fine, except when I su, which causes
>segmentation fault.
>
>Removing the pam_mkhomedir line in /etc/pam.d/system-auth fixes the su
>problem, but of course I need that to make home directories.
>
>
>[ed at wrk ed]$ ssh eds at ccdc
>eds at ccdc's password:
>Creating directory '/home/eds'.
>Creating directory '/home/eds/.kde'.
>Creating directory '/home/eds/.kde/Autostart'.
>/usr/X11R6/bin/xauth:  creating new authority file /home/eds/.Xauthority
>
>// Yeah it works! But...
>
>[eds at ccdc ~]$ su
>Password:
>Segmentation fault
>
>
>/var/log/messages
>Feb 10 11:28:51 ccdc su(pam_unix)[8750]: session opened for user root by
>eds(uid=7365)
>Feb 10 11:28:51 ccdc su(pam_unix)[8750]: session closed for user root
>
>
>/etc/pam.d/system-auth
>session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0077
>
>
>  
>
I have used pam_mkhomedir with LDAP Auth without issue on RH FC2
(PAM_LDAP 1.69, NSS_LDAP 2.20, OpenLDAP 2.2.17, recent version of
pam_mkhomedir). This was for testing only; I still feel NFS-mounted home
directories provide better management.

Maybe the following change could help you; it is used to fix the "su -
ldapid" issue (incorrect password despite correct pw entered, a bug
reported in RH Bugzilla).
# diff /etc/pam.d/system-auth /etc/pam.d/system-auth.ldapauth
9c9
< account required /lib/security/$ISA/pam_unix.so
---
> account sufficient /lib/security/$ISA/pam_unix.so
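
Review bot: on line 9, moving the pam_unix.so account rule from required to sufficient means a success from pam_unix ends the account stack there, so any account module listed after it is not consulted for users pam_unix accepts. Please add a comment in system-auth naming the modules that are bypassed on success, and confirm that skipping them is intended rather than a side effect of the su fix.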

Content of /etc/pam.d/system-auth that will fix "su - incorrect password
issue".

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account sufficient /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

# Un-comment the next line if you want pam_mkhomedir.so to mkdir $HOME on the fly
session sufficient pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so

NOTE 1: "authconfig" will, at the end of the run, stop and restart
/etc/init.d/nscd; if it hangs, press CTRL-C and then run "service nscd
restart".

NOTE 2: If "authconfig" is re-run, /etc/pam.d/system-auth will be
re-generated and overwritten; therefore a manual edit of this file is
required if there are customizations.
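
An added example (not from the original post or from Linux-PAM itself): a Python check that parses the system-auth posted above and lists, for the account and session stacks, which later modules are not called once a "sufficient" rule succeeds, since PAM returns at that point when no earlier required module has failed. The function names and the choice to ignore pam_deny.so are assumptions of this example.

```python
import re

# auth, account and session rules as posted above (wrapped lines rejoined).
SYSTEM_AUTH = r"""
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
session sufficient pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
"""

# type, control (keyword or [bracketed list]), module path, optional arguments
RULE = re.compile(r"^(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(?:\s+(.*))?$")

def parse(text):
    """Yield (type, control, module basename) per rule; joins backslash continuations."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()  # '#' starts a comment
        m = RULE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).rsplit("/", 1)[-1]

def short_circuits(text, types=("account", "session")):
    """Map 'type:module' of each 'sufficient' rule to the later same-type modules
    that are not called when it succeeds. pam_deny.so is the usual fallback
    after a run of 'sufficient' rules, so it is not reported (assumption)."""
    rules = list(parse(text))
    found = {}
    for i, (typ, control, module) in enumerate(rules):
        if typ in types and control == "sufficient":
            skipped = [m for t, _, m in rules[i + 1:] if t == typ and m != "pam_deny.so"]
            if skipped:
                found[f"{typ}:{module}"] = skipped
    return found

if __name__ == "__main__":
    for rule, skipped in short_circuits(SYSTEM_AUTH).items():
        print(f"{rule} is 'sufficient'; on success PAM skips: {', '.join(skipped)}")
```

With the posted file, the session result shows that pam_limits.so is among the modules not reached when pam_mkhomedir.so returns success.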
