Changeset 1030

Timestamp: 04/20/06 11:01:42 (3 years ago)
Author: tushar
Message: Updated: starting-and-stopping-fusesmb-with-kdm

Files:

  • trunk/starting-and-stopping-fusesmb-with-kdm.txt

    r1022 r1030  
    11AUTHOR: Stef Bon <stef at bononline dot nl> 
    22 
    3 DATE: 2006-01-24 
     3DATE: 2006-04-15 
    44 
    55LICENSE: GNU Free Documentation License Version 1.2 
    66 
    7 SYNOPSIS: Starting and stopping Fusesmb at a KDE-session using KDM and PAM
     7SYNOPSIS: Starting and stopping Fusesmb at a KDE-session using KDM
    88 
    99DESCRIPTION:  
     
    1111 
    1212This is based on my hint  
    13 "Execute scripts at begin and end of a KDE-session using KDM and PAM". 
     13"Execute scripts at begin and end of a KDE-session using KDM". 
    1414 
    1515In this hint is described in general how scripts and commands are  
    16 started at the begin and end of a KDE session using KDM, and for password  
    17 sensitive commands support from PAM. 
     16started at the begin and end of a KDE session using KDM. 
    1817 
    1918 
     
    33321.2 Starting fusesmb. 
    34331.3 Stopping fusesmb. 
    35 1.4 Storing credentials in personal configurationfile. 
    3634 
    3735 
     
    4240Very new is FUSE. At this moment the FUSE package contains a kernelmodule, a library and utilities. 
    4341Soon the module will be standard in the kernel. For more information see the website of course. 
    44  
    45 Pam_script has the ability (from version 0.1.5) to get the password provided at login, and provide this via an evironmentvariable PAM_AUTHTOK to scripts. A script for fusesmb can write this value to the configurationfile of fusesmb (~/.smb/fusesmb.conf) to browse the network with the credentials provided at login.  
    46  
    47 warning: 
    48  
    49 This looks a little bit like Single Sign On, but it isn't!! The credentials are stored in  
    50 a subdirectory of the homedir (~/.smb/fusesmb.conf), with enough security at runtime. 
    51 But somebody can still find them being root, or with a LiveCD. The credentials are stored 
    52 plaintext, no encryption!! 
    53  
    54 So, this should never be used in an environment where you can't trust your users! 
    55  
    5642 
    5743------------------------------------- 
     
    124110 
    125111userid=$1 
    126 userproperties=$(getent passwd | grep -E "^$userid") 
     112userproperties=$(getent passwd | grep -m 1-E "^$userid") 
    127113homedir=$(echo $userproperties | cut -d ":" -f 6); 
    128114gidnr=$(echo $userproperties | cut -d ":" -f 4); 
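Review bot: The added line at new line 112, `grep -m 1-E "^$userid"`, is missing a space between `1` and `-E`, so grep is handed `1-E` as the `-m` count, which is not a number, and the lookup fails, leaving `userproperties`, `homedir` and `gidnr` empty. The matching change at new line 165 reads `grep -m 1 -E`; this line should read the same.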
     
    159145application, like MC or vi. 
    160146 
     147This configuration allows other users to enter the fusesmb filesystem. If you don't want this, you should remove  
     148the "allow_other" flag. 
     149 
    161150 
    162151------------------------ 
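Review bot: The added paragraph at new lines 147-148 keeps `allow_other` as the documented default and leaves removal to the reader, so every local user can enter the mounted fusesmb filesystem unless the reader opts out. Consider dropping `allow_other` from the example and describing it as an opt-in, and state where the flag is set so readers know which line to edit.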
     
    174163 
    175164userid=$1 
    176 userproperties=$(getent passwd | grep -E "^$userid") 
     165userproperties=$(getent passwd | grep -m 1 -E "^$userid") 
    177166homedir=$(echo $userproperties | cut -d ":" -f 6); 
    178167gidnr=$(echo $userproperties | cut -d ":" -f 4); 
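Review bot: `-m 1` on the added line at new line 165 only hides the ambiguity in `grep -E "^$userid"`: the pattern is a prefix match, so a `userid` of, for example, `stef` also matches an account named `stefan`, and whichever entry `getent passwd` lists first supplies `homedir` and `gidnr`. Anchor on the field separator with `"^$userid:"`, or ask for the entry directly with `getent passwd "$userid"`; the lookup at new line 112 needs the same fix.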
     
    187176    fi; 
    188177 
    189     if [ -e $homedir/.smb/fusesmb.conf ]; then 
    190  
    191         rm -f $homedir/.smb/fusesmb.conf 
    192  
    193     fi; 
    194  
    195178fi; 
    196179 
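Review bot: Dropping the `rm -f $homedir/.smb/fusesmb.conf` cleanup at old lines 189-193 means a fusesmb.conf already written by the r1022 onauth script, which holds the login password in plaintext, now stays on disk after logout. Since the file may also be one the user wrote by hand, the safer fix is a sentence in the hint telling readers who used the PAM variant to delete that file themselves.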
     
    204187 
    205188 
    206 ------------------------------------------------------ 
    207 1.4 Storing credentials in personal configurationfile. 
    208 ------------------------------------------------------ 
    209  
    210 With files above you could already get a working sollution. 
    211 To access the SMB servers where a username and a password are 
    212 required, FuseSMB allows you to give credentials in the  
    213 ~/.smb/fusesmb.conf file. Look for these and more options 
    214 in the manpage of fusesmb.conf. 
    215  
    216 With PAM and the module pam_script it is possible to use the 
    217 credentials provided at login. In my network the sambaservers 
    218 use the same credentials as my normal login  (via OPENLDAP). 
    219  
    220 cat >> /etc/session.d/pam/onauth/fusesmb.sh << "EOF" 
    221 #!/bin/bash 
    222  
    223 retcode=0; 
    224  
    225 userid=$1 
    226 service=$2 
    227 authtok=$3 
    228  
    229 userproperties=$(getent passwd | grep -E "^$userid") 
    230 homedir=$(echo $userproperties | cut -d ":" -f 6); 
    231 gidnr=$(echo $userproperties | cut -d ":" -f 4); 
    232 uidnr=$(echo $userproperties | cut -d ":" -f 3); 
    233  
    234 if [ -d $homedir ]; then 
    235  
    236  
    237         if [ ! -d $homedir/.smb ]; then 
    238  
    239             mkdir -p $homedir/.smb 
    240             chown $uidnr:$gidnr $homedir/.smb 
    241             chmod 755 $homedir/.smb 
    242  
    243         fi 
    244  
    245         if [ -n "$authtok" ]; then 
    246  
    247             rm -f $homedir/.smb/fusesmb.conf 
    248  
    249             touch $homedir/.smb/fusesmb.conf 
    250             chown $uidnr:$gidnr $homedir/.smb/fusesmb.conf 
    251             chmod 600 $homedir/.smb/fusesmb.conf 
    252  
    253             echo "[global]" > $homedir/.smb/fusesmb.conf 
    254             echo "username = $userid" >> $homedir/.smb/fusesmb.conf 
    255             echo "password = $authtok" >> $homedir/.smb/fusesmb.conf 
    256  
    257         fi; 
    258  
    259 fi; 
    260  
    261  
    262 if [ $retcode -ne 0 ]; then 
    263     echo "An error with fusesmb ($retcode)." 
    264 fi; 
    265  
    266 exit $retcode 
    267 EOF 
    268  
    269  
    270 Notes: 
    271  
    272 - The fusesmb script in the onauth directory overwrites any existing fusesmb.conf in the ~/.smb  
    273 directory. I do not have any simple sollution to do otherwise. One way to do that is the use of  
    274 a template. In this template the variables username and password get inserted with 'sed'. 
    275 - this script is executed before(!) any script started by KDM. So when fusesmb starts, it reads  
    276 this new configuration file. 
    277189 
    278190 
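Review bot: Deleting section 1.4 from the text does not remove `/etc/session.d/pam/onauth/fusesmb.sh` from machines where it was installed from r1022, and that script keeps writing `password = $authtok` into `~/.smb/fusesmb.conf` at every login. Add a short upgrade note telling those readers to delete the script.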
     
    285197[2006-01-30] 
    286198  * fixed some typos 
    287  
     199[2006-04-16] 
     200  * deleted everything about PAM 
     201 
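Review bot: The new changelog entry is dated `[2006-04-16]` while the DATE header in this same change was set to `2006-04-15`; make the two agree. The entry `deleted everything about PAM` would also be more useful if it gave the reason stated in the removed warning, that the credentials were stored in plaintext.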
  • trunk/wpa-service.txt

    r1027 r1030  
    55LICENSE: GNU Free Documentation License Version 2 
    66 
    7 SYNOPSIS: 
    8 Setting up a wifi interface using wpa_supplicant and LFS IP services 
     7SYNOPSIS: Setting up a wifi interface using wpa_supplicant and LFS IP services 
    98 
    109DESCRIPTION: