Example 7 11   Example of /etc/pam.d/sshd file including pam_mkhomedir.so

#%PAM 1.0

auth sufficient

pam_winbind.so

auth      required 

pam_unix2.so use_first_pass

auth      required 

pam_nologin.so

auth      required 

pam_env.so

account   required 

pam_unix2.so

account   sufficient

pam_winbind.so

account   required

pam_nologin.so

password required 

pam_pwcheck.so

password required 

pam_unix2.so use_first_pass use_authtok

session

optional

pam_mkhomedir.so  skel=/etc/skel umask=0022

session   required 

pam_unix2.so none 

# trace or debug

session   required 

pam_limits.so

The skel option tells the module where to get the skeleton files to copy to the 

newly created home directory. The umask governs the creation and subsequent 

permission settings on the directory.

7.4  How to automatically mount home directories at 

logon

One of the great functionalities of Windows is the Single Sign On (SSO) function. 

Once you log onto a Windows OS, it takes your password to try and mount 

shares that you have installed as remountable at next logon.

A similar functionality can be created on a Linux client using the pam_mount 

module. This PAM module is not completely mature yet. It is not included in all 

enterprise distributions. But with a little extra work it can be made to function.

Restriction:

 Take care when mounting SMB shares as users' home 

directories when using graphical logon. Some graphical desktop environments 

will not work in a SMB mounted file system, most importantly, those that 

depend on symbolic links or sockets, since SMB file systems will not work with 

symbolic links and sockets.

Tip:

 Mount the user's domain share in a subdirectory of the home directory, 

thus avoiding all issues with desktop environments.

 Chapter 7. Integration how tos 

143