Restriction:

 The pam_mount module does not follow the rules of PAM 

implementation, since the actual mount is done in the auth part instead of the 

session part may mean that the mount will occur before a pam_mkhomedir 

has actually created a mount point.

The pam_mount module not only mounts SMB file systems, but also NCP, 

loop mounted encrypted file systems, and basically any file system handled by 

the 

mount

 command.

7.4.1  pam_mount on Red Hat Desktop

The module is added to the /etc/pam.d/system auth file to enable automatic 

mounting for all login modes. The module consists of both an  auth  part, which 

acquires the password through PAM; and a  session  part, which does the actual 

mounting. Since this is a session module this enables an unmount of the file 

systems when the session closes.

Tip:

 Check if you need automatic mounting for all modes to login. For 

example, a 

su

 from root to a user will not work because a password is not 

provided. 

The lines to add look like this:

auth

required

pam_mount.so

And:

session

optional

pam_mount.so

The auth line should go before pam_unix and pam_winbind lines. The session 

line should go in the session section.

The pam_mount module has its own configuration file 

/etc/security/pam_mount.conf. This file contains settings like where the 

mount

and 

umount

 commands are found, debug settings, whether mount points should 

be created, and which file systems should be mounted for which users. 

A minimum pam_mount.conf file for just mounting SMB shares looks like 

Example 7 12.

Example 7 12   Minimum pam_mount.conf 

debug 1

mkmountpoint 1

options_require

nosuid,nodev

144 

Linux Client Migration Cookbook   A Practical Planning and Implementation Guide for Migrating to Desktop