NssQidb

Install and testing procedures

  • Install all the rpms in the qidb set
  • Run the nss-misc-fix-nsswitch-monde script
  • Create a bogus skel: mkdir -p /etc/empty-skel/EMPTY, so we know if it’s safe to remove the dir
  • Add the following line to /etc/pam.d/system-auth

    (Note: You may need to use an alternative method in order to login from gdm)

    • session  required  pam_mkhomedir.so skel=/etc/empty-skel umask=0077 pre_exec=/etc/pam_mkhomedir/pre post_exec=/etc/pam_mkhomedir/post
  • Create a pam_mkhomedir script /etc/pam_mkhomedir/post:

      #!/bin/bash
      # sample pam_mkhomedir post script.
      # Create a symbolic link to the user's eng home directory.
      USER=$1

      # pam_mkhomedir will always try to make a home directory if it didn't exist, so we'll need to remove it.
      # The EMPTY marker comes from the bogus skel created above.
      # MAKE SURE there won't be any real data in /home/$USER!!!
      if [ -d "/home/$USER/EMPTY" ]; then
          rm -rf "/home/$USER"
      fi

      # eng home directories are sharded by the first two letters of the user name
      U=${USER:0:1}
      S=${USER:1:1}
      ln -sn "/ad/eng/users/$U/$S/$USER" "/home/$USER"
      exit 0
  • Copy your network KeyTab to /etc/krb5.keytab.nss_qidb
  • Edit nss_qidb.conf (insert your subnet, not mine)
    • primary_principal_name nss-ad-eng/128.197.55-net@bu.edu
  • Replace pam_qidb_group_cussp.conf and nss_qidb_cussp.conf with the ones from the stormy rpms for now.
  • Edit /etc/pam_qidb_group.conf to make sure you have permission to login.
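The post script above removes /home/$USER with an argument handed to it by PAM, so it is worth tightening what it will delete. The following is an added example, not the page's own script: a hardened variant that accepts only plain user names, removes the stub only when it is a real directory whose sole entry is the EMPTY marker from the bogus skel, and is a no-op on repeat logins. It assumes the eng tree lives under /ad/eng/users; HOME_ROOT and ENG_ROOT are knobs added here so it can be exercised outside /home.

```shell
#!/bin/sh
# Added example, not the page's script: a hardened pam_mkhomedir post script.
# Assumes the bogus skel holds only the EMPTY marker directory and the eng
# tree lives under /ad/eng/users; both roots can be overridden for testing.
HOME_ROOT=${HOME_ROOT:-/home}
ENG_ROOT=${ENG_ROOT:-/ad/eng/users}

# valid_user NAME: accept only plain user names, so an empty or odd $1 can
# never turn "rm -rf $HOME_ROOT/$USER" into "rm -rf /home/" or a path walk.
valid_user() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# only_marker DIR: true only if DIR is a real directory (not a symlink)
# whose sole entry is EMPTY, i.e. pam_mkhomedir just made it from the skel.
only_marker() {
    dir=$1
    [ -d "$dir" ] && ! [ -L "$dir" ] || return 1
    [ -d "$dir/EMPTY" ] || return 1
    n=$(( $(ls -A "$dir" | wc -l) ))   # count entries, dotfiles included
    [ "$n" -eq 1 ]
}

# link_home USER: swap the freshly created stub for a symlink into the eng
# tree; refuse to remove anything that does not look like our stub.
link_home() {
    user=$1
    valid_user "$user" || { echo "refusing bad user name" >&2; return 1; }
    home=$HOME_ROOT/$user
    u=$(printf %s "$user" | cut -c1)    # same sharding as the page's script
    s=$(printf %s "$user" | cut -c2)
    target=$ENG_ROOT/$u/$s/$user
    if [ -L "$home" ]; then
        return 0                        # already linked: repeat login, no-op
    fi
    if [ -e "$home" ]; then
        only_marker "$home" || { echo "$home holds real data, not removing" >&2; return 1; }
        rm -rf "$home"
    fi
    ln -sn "$target" "$home"
}

# pam_mkhomedir passes the user name as $1 when it runs the post script
if [ -n "${1:-}" ]; then
    link_home "$1"
    exit $?
fi
```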

Alternatives to pam_mkhomedir

gdm doesn’t seem to work with pam_mkhomedir; see the bottom of this page.

You can use Red Hat’s oddjob system with pam_oddjob_mkhomedir.so. Same config as the standard pam_mkhomedir, but it doesn’t have the BU additions of pre and post scripts.

You can use an automount program map to directly mount the user’s folder into home. The only problem I see is that automount can’t stat the home directory (until we get host credentials), therefore it can’t unmount it.

    #!/bin/bash
    # automount program map for eng home directories.
    # automount calls this with the key (the user name) as $1 and expects
    # the mount options and location on stdout.
    USER=$1
    OPTS="-fstype=nfs,tcp,rw,sec=krb5,hard,nolock,intr"
    U=${USER:0:1}
    S=${USER:1:1}
    echo "$OPTS engna1.bu.edu:/vol/users/$U/$S/$USER"
    exit 0

Automount can also be “tricked” into making the symlink for you. Make an automount program map that never returns the mount parameters, but creates the symlink in the process.

    #!/bin/bash
    # don't really mount anything, just make a symlink.
    # Printing nothing means automount has no mount to perform.
    USER=$1
    U=${USER:0:1}
    S=${USER:1:1}

    ln -sn "/ad/eng/users/$U/$S/$USER" "/home/$USER"

    exit 0