Ray Van Dolson wrote:
|I'm setting up a bunch of Fedora-based servers that will be
|authenticating logins via pam_ldap (PAM). I've gotten things
|running nicely, but ran into a small problem with OpenSSH. When
|a user who hasn't logged into a certain box before logs in and
|his home directory doesn't exist, I use the pam_mkhomedir.so
|module to create the directory. However, this will barf on
|OpenSSH <= 3.7 unless Privilege Separation is disabled since
|after authentication is complete, the process is running as the
|'ssh' user and can't write to /home (and couldn't change the
|owner of the new directory to the user I want in any case).
|
|Work-around is to turn off privilege separation, but I'm not sure
|how good of an idea this is... the other option would be to upgrade
|to OpenSSH 3.7.x where this problem is no longer an issue.
|
|Any plans to bump Fedora's OpenSSH to 3.7? Doesn't appear to be
|the case in C2. Maybe I should roll my own RPMs or just modify
|my Kickstart configuration to turn off privilege separation on
|all the boxes when they're set up...
|
|Just looking for some opinions.
Are UIDs consistent throughout the boxes? Why not just set up a homes server, and share out the /home directory via NFS?
--
Sean Kennedy
PGP public key: http://tpno.org/keys/0xFC1C377F.asc