/usr/share/sadms-2.0.15/help-pam is in sadms 2.0.15.repack-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PAM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This will configure system authentication
(/etc/pam.d/system-auth) to use
- pam_winbind : use Active Directory
authentication, so the user does not have
to have a local account to login to this
host.
- pam_mkhomedir : create a local home
directory footprint for Active Directory
user that does not have a local home.
- pam_mount : connect to a Samba or Windows
remote share that could contain a domain
home. The share will be mounted on the local
file system (/mnt/net).
Important note:
Tampering with the /etc/pam.d service
files may result in the machine being unable to accept
any authentication even from root. Should such a
situation occur, reboot the system in administrative
mode (single) and use an editor to restore the
/etc/pam.d/system-auth to its previous contents :
remove the pam_winbind, pam_mount, pam_Mkhomedir
lines and remove use_first-pass in pam_unix line.
It is recommended that the system administrator leave
a console session open while carrying out the tests.
Home server :
This is the Samba or Windows server that hosts
the share the user will connect to and will be
mounted at /mnt/net.
Home share :
This is the name of the share (without any
leading server name). If the share is to
be determined at run time and is user-
dependent, use * as a place-holder for the
logged-on user name. Tests with more than one
level have so far failed (eg users/*).
Client signing :
If you connect to a Windows 2003 server client signing
my be necessary. smbfs does not support client signing.
So use the cifs file system.
See the end of /etc/psecurity/pammount.conf.
|