PAM mkhomedir for Solaris

There is a PAM module available to create home directories on the fly, pam_mkhomedir.so. This is quite useful if you have an LDAP server (in this case Directory Server 6.3) and you are adding users whose home directories have not been created.

First of all, you will need to download the files from kernel.org and compile the module:

PATH=/usr/sfw/bin:/usr/ccs/bin:$PATH; export PATH

gcc -c -g -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall \
    -fPIC -I../../libpam/include \
    -I../../libpamc/include \
    -I../pammodutil/include pam_mkhomedir.c

After the compilation the module did not work. What should I do now? Well, I tried to debug why the module was not working properly. First I enabled debug mode in the syslog daemon; you only need to add

*.debug /var/adm/pam_log

to /etc/syslog.conf. Here is what I found out after poking around the logs:

May 18 10:27:25 kestod sshd[26177]: [ID 547715 auth.debug] PAM[26177]: load_function: successful load of pam_sm_setcred
May 18 10:27:25 kestodd sshd[26177]: [ID 482737 auth.debug] PAM[26177]: pam_open_session(8a828, 0)
May 18 10:27:25 des-to16-d sshd[26177]: [ID 926797 auth.debug] PAM[26177]: load_modules(8a828, pam_sm_open_session)=/usr/lib/security/pam_mkhomedir.so*

Nothing in particular pointed me to how to solve this, so I tried a different approach. Perhaps by trying with an LDAP user through different services I could find out something. I tried SSH first and I was kicked out of the system. My second thought was to try telnet, and I got this:

login: user1 
Password: 
ld.so.1: login: fatal: relocation error: file /usr/lib/security/pam_mkhomedir.so: symbol _pammodutil_getpwnam: referenced symbol not found
Connection to localhost closed by foreign host.

This gave me some clues. I edited pam_mkhomedir.c and I found the names of four functions:

_pammodutil_getpwnam
_pammodutil_read
_pammodutil_write  
_pammodutil_cleanup

Those functions are not available in Solaris 10 (and, of course, not in the above versions either). What did I do? I put all these functions together in the same file, and I added some includes, so this is all the code you need to add to pam_mkhomedir.c and compile afterwards:

You have to copy and paste both declarations and their implementations.

other session required pam_mkhomedir.so skel=/etc/skel umask=0022

Now you can try to log in to the system with an LDAP user:

  ssh -l user5 localhost 
  Password: 
  Creating directory '/export/home/user5'. 

  Last login: Thu May 14 17:16:21 2009 from localhost 
  -bash-3.00$

You can also try to access using telnet. There is backward compatibility among different versions of Solaris, which means it will work in Solaris 8 and 9 as well. I hope this information can be useful to somebody.
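
The relocation error from the telnet session can be caught before a module is enabled for logins. The following is an added example, not part of the original post: a POSIX shell check that parses `ldd -r` output for unresolved symbols. The function names, the sample output and the Solaris "symbol not found:" wording are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): catch unresolved symbols in a
# freshly built PAM module before it is copied into /usr/lib/security.

# Read `ldd -r <module>` output on stdin; print each unresolved symbol once.
# Matches "symbol not found: NAME" (Solaris wording, assumed) and
# "undefined symbol: NAME" (glibc wording).
unresolved_symbols() {
    awk '/symbol not found:/ || /undefined symbol:/ {
             for (i = 2; i < NF; i++)
                 if ($i == "found:" || $i == "symbol:") { print $(i + 1); break }
         }' | sort -u
}

# Read `ldd -r` output on stdin; return 1 and list the symbols if any are missing.
check_ldd_output() {
    missing=$(unresolved_symbols)
    [ -z "$missing" ] && return 0
    echo "unresolved symbols, do not install this module:" >&2
    echo "$missing" >&2
    return 1
}

# Run the check against a real module file.
check_module() {
    ldd -r "$1" 2>&1 | check_ldd_output
}

# Constructed sample of what the check would see for the module in this post.
sample_ldd_output() {
    cat <<'EOF'
    libpam.so.1 =>   /lib/libpam.so.1
    libc.so.1 =>     /lib/libc.so.1
    symbol not found: _pammodutil_getpwnam    (/usr/lib/security/pam_mkhomedir.so)
    symbol not found: _pammodutil_read        (/usr/lib/security/pam_mkhomedir.so)
    symbol not found: _pammodutil_write       (/usr/lib/security/pam_mkhomedir.so)
    symbol not found: _pammodutil_cleanup     (/usr/lib/security/pam_mkhomedir.so)
EOF
}

# Usage: sh check_pam_module.sh ./pam_mkhomedir.so
if [ $# -gt 0 ]; then
    check_module "$1"
fi
```

A non-zero exit means the module would fail at relocation time inside login or sshd, so it should not be referenced from the PAM configuration yet.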