Coda File System

Re: Disconnected HOME directories

From: Jason A. Pattie <pattieja_at_pcxperience.com>
Date: Fri, 16 Jan 2004 14:39:36 -0600

Ivan Popov wrote:
| Hello Jason,
|
|
|>| I did find pam_kcoda.so and downloaded and installed that tarball.  I
|>| set it up according to the example in the README, but it doesn't seem to
|
|
| hmm, which README do you mean?

The README from the pam_kcoda tarball.

| Here is what my pam config files look like: (approximately)
| ------------------------------------------------
| auth       required     pam_nologin.so
| auth       optional     pam_unix.so
| auth        required   pam_krb5.so use_first_pass ccache=SAFE require_keytab
| auth        optional   pam_kcoda.so clog /path/to/clog realm xyz.chalmers.se
|
| account    required     pam_unix.so
|
| session    required     pam_unix.so
| session    optional     pam_lastlog.so
| session    optional     pam_mail.so standard
| session    required     pam_limits.so
| session    optional     pam_krb5.so
| session    optional     pam_kcoda.so nocunlog
| session    optional   pam_tmpdir.so
| session    required   pam_env.so
| ------------------------------------------------
|
| I consider it obsolete as imho there should be a more flexible framework
| for Coda authentication than that - hope it will be - but this one works.

This is the pam_kcoda recommended setting (from the README):

sample entry for /etc/pam.d/login
auth    sufficient     /lib/security/pam_coda.so ignore_root

I think I will try your settings to see if they work better.  Thanks.

|>The strangest thing happened this morning.  I came in to the office,
|>started my laptop (connected), went to a virtual console, logged in as
|>my user, and voilà!  It worked!  It connected directly to my HOME
|>directory via coda.  And yet it didn't work yesterday, and I'm pretty
|>sure I had rebooted (but maybe I didn't?).  Did I need to restart PAM or
|>something?
|
|
| PAM cannot be restarted :) as it is just a library linked in by the
| applications like login, xdm, sshd and so on. It does not keep more state
| than any given corresponding application.
|
| Anyway, it looks like forgotten tokens... suspended, not shut down laptop?

Shut down, of course.  Am I to understand that a token cannot be
maintained across reboots/restarts of venus?  I.e., how is disconnected
startup supposed to work if I can't shut down my laptop, take it home,
start it back up, and continue working without reconnecting to the
network?  I thought that was one of the capabilities of coda?

I guess if this is not possible that would explain why I cannot log in to
my coda HOME directory before I clog as my user to get a token.

Can I replicate the auth2 daemon on my laptop in order to facilitate
retrieving a token when starting up disconnected?

--
Jason A. Pattie
pattieja_at_xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)


Received on 2004-01-16 15:46:16