PAM mkhomedir for Solaris
Sun, May 31, 2009
There is a PAM module, pam_mkhomedir.so, that creates home directories on the fly. This is quite useful if you have an LDAP server (in this case Directory Server 6.3) and you are adding users whose home directories have not been created.
First of all, you will need to download the files from kernel.org
PATH=/usr/sfw/bin:/usr/ccs/bin:$PATH;export PATH
gcc -c -g -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall -fPIC -I../../libpam/include \
    -I../../libpamc/include \
    -I../pammodutil/include pam_mkhomedir.c
After the compilation the module did not work. What should I do now? Well, I tried to debug why the module was not working properly. First I enabled debug mode in the syslog daemon; you only need to add
in the /etc/syslog.conf. Here is what I found out after poking around the logs:
May 18 10:27:25 kestod sshd: [ID 547715 auth.debug] PAM: load_function: successful load of pam_sm_setcred
May 18 10:27:25 kestodd sshd: [ID 482737 auth.debug] PAM: pam_open_session(8a828, 0)
May 18 10:27:25 des-to16-d sshd: [ID 926797 auth.debug] PAM: load_modules(8a828, pam_sm_open_session)=/usr/lib/security/pam_mkhomedir.so*
Nothing special pointed me to how to solve this, so I tried a different approach. Perhaps by trying with an LDAP user through different services I could find out something. I tried SSH first and I was kicked out of the system. My second thought was to try telnet, and I got this:
login: user1
Password:
ld.so.1: login: fatal: relocation error: file /usr/lib/security/pam_mkhomedir.so: symbol _pammodutil_getpwnam: referenced symbol not found
Connection to localhost closed by foreign host.
This got me some clues. I edited pam_mkhomedir.c and I found the name of four functions:
_pammodutil_getpwnam
_pammodutil_read
_pammodutil_write
_pammodutil_cleanup
Those functions are not available in Solaris 10 (nor, of course, in the above versions). What did I do? I put all these functions together in the same file and added some includes, so this is all the code you need to add to pam_mkhomedir.c and compile afterwards:
You have to copy and paste both declarations and their implementations.
other session required pam_mkhomedir.so skel=/etc/skel umask=0022
Now you can try to log in to the system with an LDAP user:
ssh -l user5 localhost
Password:
Creating directory '/export/home/user5'.
Last login: Thu May 14 17:16:21 2009 from localhost
-bash-3.00$
You can also try to access using telnet. There is backward compatibility among the different versions of Solaris, which means it will work in Solaris 8 and 9 as well. I hope this information can be useful to somebody.
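The umask= option on the pam.conf line above decides who can read each home directory the module creates, so it is worth checking before rollout. The following is an added example, not code from the original post or from the PAM project: it parses pam.conf-style text, finds pam_mkhomedir session entries and reports the resulting directory mode. The function name audit_mkhomedir, the sample lines, the default umask of 0022 and the rule mode = 0777 & ~umask are assumptions.

```python
import os

# Constructed sample in Solaris /etc/pam.conf layout:
#   service  module_type  control_flag  module_path  [options]
SAMPLE_PAM_CONF = """\
# constructed sample, not taken from a real host
other  session required  pam_unix_session.so.1
other  session required  pam_mkhomedir.so skel=/etc/skel umask=0022
sshd   session required  pam_mkhomedir.so skel=/etc/skel umask=0077
login  session optional  pam_mkhomedir.so skel=/etc/skel
"""

DEFAULT_UMASK = 0o022  # assumption: value used when umask= is omitted


def audit_mkhomedir(conf_text):
    """Return one finding per pam_mkhomedir session entry in pam.conf text."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 4 or fields[1] != "session":
            continue
        service, control, module = fields[0], fields[2], fields[3]
        if not os.path.basename(module).startswith("pam_mkhomedir.so"):
            continue
        opts = dict(o.split("=", 1) for o in fields[4:] if "=" in o)
        finding = {"line": lineno, "service": service, "control": control,
                   "skel": opts.get("skel"), "mode": None, "issue": None}
        try:
            umask = int(opts["umask"], 8) if "umask" in opts else DEFAULT_UMASK
        except ValueError:
            finding["issue"] = "invalid umask"
            findings.append(finding)
            continue
        # Assumption: the new directory ends up with mode 0777 & ~umask.
        finding["mode"] = 0o777 & ~umask
        if finding["mode"] & 0o007:
            finding["issue"] = "world-accessible"
        elif finding["mode"] & 0o070:
            finding["issue"] = "group-accessible"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_mkhomedir(SAMPLE_PAM_CONF):
        mode = "n/a" if f["mode"] is None else oct(f["mode"])
        print(f"line {f['line']}: {f['service']:6} mode={mode} "
              f"issue={f['issue'] or 'none'}")
```

With umask=0022 the new directory comes out as 0755, readable by every local account; umask=0077 gives 0700.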