Changeset 1021
- Timestamp: 02/09/06 17:29:55 (3 years ago)
- Files:
trunk/execute-session-scripts-using-kdm-and-pam.txt
r1015 r1021 1 1 AUTHOR: Stef Bon <stef at bononline dot nl> 2 2 3 DATE: 2006-01- 153 DATE: 2006-01-30 4 4 5 5 LICENSE: GNU Free Documentation License Version 1.2 … … 25 25 I use PAM and a module called pam_script to store the credentials provided at 26 26 login (the username and the password!!) for authentication against SMB servers, when 27 mounting shares .27 mounting shares or browsing the network with fusesmb. 28 28 This looks a little bit like Single Sign On, but it isn't!! The credentials are stored in 29 a subdirectory of the homedir (~/.cifs/mount.cifs.conf ), with enough security at runtime.29 a subdirectory of the homedir (~/.cifs/mount.cifs.conf and ~/.smb/fusesmb.conf), with enough security at runtime. 30 30 But somebody can still find them being root, or with a LiveCD. The credentials are stored 31 31 plaintext, no encryption!! … … 48 48 2.2 Adjusting pam configuration 49 49 2.3 Creating the onauth script 50 3. TODO and suggestions 50 51 51 52 … … 107 108 The files in these directories must be accessible for every ordinary user: 108 109 therefore the permissions are 755. 109 Al scripts in these directories should have the same permissions: 755.110 All scripts in these directories should have the same permissions: 755. 110 111 111 112 Every user should be able to execute the script, but only root is able to modify … … 253 254 they inherit the faults. 'w' does some extra checking, which makes it more 254 255 usable. 256 255 257 Other pammodules, like pam_mount, have other ways to keep track of the amount of logins 256 258 per user. With pam_mount a seperate file (/var/run/pam_mount/$userid) is created for 257 259 this purpose. 260 258 261 Anyone knowing a better way to determine how many times a user is logged 259 262 in, please let me know. … … 269 272 270 273 274 3. 
TODO and suggestions 275 ----------------------- 276 277 The construction is working, but is not complete: 278 279 - it does no logging and proper userfeedback (on the screen) 280 with the hint xconsole_setup.txt (unmaintained: in hints/downloads/files) 281 you'll find a way to launch xconsole at startup by root. Using logger and 282 adjusting /etc/syslog.conf it's possible to write messages to it, which 283 appear just before the splash screen of KDE comes up. 284 285 286 - scripts are executed in the order the command 287 288 for script in /etc/session.d/kdm/startup/*.sh; do 289 290 works. 291 292 Maybe there should be an order. Some scripts first and others later. Just like 293 the rc script works to start and stop scripts in the /etc/rc.d structure. 294 295 296 - I'm testing FreeNX now. It turns your desktop into a terminalserver for 297 X11 sessions. You should test it! 298 There is a hint for LFS already!! 299 It does not work with KDM, so does nothing with the construction I'm using. 300 I'll check this is a sollution. 301 302 271 303 ACKNOWLEDGEMENTS: 272 304 * Thanks to the author of pam_script, Izak Burger, for his module and … … 276 308 [2006-01-15] 277 309 * Initial hint. 310 [2006-01-30] 311 * added chapter 3. TODO and suggestions 312 313 TODO: 314 * add logging via xconsole
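Review bot: In the hunk at lines 25-31, the added ~/.smb/fusesmb.conf is a second file holding the login password in plaintext, and "with enough security at runtime" does not say what protects either file. Spell out the ownership and mode the onauth script gives ~/.cifs and ~/.smb and the files inside them (owner-only, for example 700 on the directories and 600 on the files), and say whether the files are removed when the user's last session ends, since the next sentence already concedes that root or a LiveCD can read them.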
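Review bot: In new chapter 3 (added lines 286-293), "scripts are executed in the order the command ... works" leaves the order undefined for the reader, although the quoted loop "for script in /etc/session.d/kdm/startup/*.sh; do" already has one: the shell expands the glob in sorted (locale collation) order. Say so and recommend a numeric prefix on the script names, which gives the rc-style ordering the paragraph asks for without changing the loop. In the logging item (added lines 279-283), add that messages sent through logger to xconsole must never contain the password that pam_script hands to the onauth script, because anything written there is shown on screen and goes through syslog. Typos in the added lines: "userfeedback" should be "user feedback", and "I'll check this is a sollution" should read "I'll check whether this is a solution".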
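Review bot: In the changelog hunk (added lines 310-314), the trailing "TODO: * add logging via xconsole" repeats the first item of the new chapter 3, so the same task is now tracked in two places; keep it in chapter 3 only or have the TODO refer to that chapter. The new entry "added chapter 3. TODO and suggestions" should also follow the capitalised style of the existing "Initial hint." entry.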
