11-01-2011 08:56 PM
libpam_mkdir.1 does not create home dir for new users in a HP 9000 container
Hi all,
I have a problem with an SRP HP 9000 container. I cannot get the PAM mkdir module working. Users are logging in via LDAP over SSH, and if I create the new user's home directory manually and permission it correctly then the logon works perfectly; however, if the home directory does not exist then no login is possible.
I have tried adding debug to the entries in the /etc/pam.conf; however, no information is being generated to point me to the resolution. I have also configured this fine on HP-UX 11.31 and it's working perfectly there, but not for these HP-UX 11.11 containers.
# uname -a
HP-UX servername B.11.11 U 9000/800 1303773480 unlimited-user license
# ll -R /usr/lib/security/ | grep -i mkdir
-rwxr-xr-x 1 root sys 24576 Sep 30 2008 libpam_mkdir.1
lrwxr-xr-x 1 root sys 16 Aug 22 20:40 libpam_mkdir.so.1 -> ./libpam_mkdir.1
# file /usr/lib/security/libpam_mkdir.1 ; file /usr/lib/security/libpam_mkdir.so.1
/usr/lib/security/libpam_mkdir.1: PA-RISC1.1 shared library -not stripped
/usr/lib/security/libpam_mkdir.so.1: PA-RISC1.1 shared library -not stripped
# ldd /usr/lib/security/libpam_mkdir.1
/usr/lib/libc.2 => /usr/lib/libc.2
/usr/lib/libdld.2 => /usr/lib/libdld.2
/usr/lib/libc.2 => /usr/lib/libc.2
# file /usr/lib/libc.2 ; file /usr/lib/libdld.2 ; file /usr/lib/libc.2
/usr/lib/libc.2: PA-RISC2.0 shared library -not stripped
/usr/lib/libdld.2: s800 shared library -not stripped
/usr/lib/libc.2: PA-RISC2.0 shared library -not stripped
#
Here is the session management section of the /etc/pam.conf file. As you can see I have entries for SSH as well as OTHER and you can see above the file and path are ok.
# Session management
#
login session required libpam_hpsec.so.1
login session required /usr/lib/security/libpam_mkdir.1 skel=/etc/skel/ umask=0077 debug
login session sufficient libpam_unix.so.1
login session required libpam_ldap.so.1
dtlogin session required libpam_hpsec.so.1
dtlogin session sufficient libpam_unix.so.1
dtlogin session required libpam_ldap.so.1
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
ftp session sufficient libpam_unix.so.1
ftp session required libpam_ldap.so.1
rcomds session required libpam_hpsec.so.1 bypass_limit_login
rcomds session sufficient libpam_unix.so.1
rcomds session required libpam_ldap.so.1
sshd session required libpam_hpsec.so.1
sshd session required /usr/lib/security/libpam_mkdir.1 skel=/etc/skel/ umask=0077 debug
sshd session sufficient libpam_unix.so.1
sshd session required libpam_ldap.so.1
OTHER session required libpam_hpsec.so.1
OTHER session required /usr/lib/security/libpam_mkdir.1 skel=/etc/skel/ umask=0077 debug
OTHER session sufficient libpam_unix.so.1
OTHER session required libpam_ldap.so.1
Thanks in advance.
11-02-2011 01:44 PM
Re: libpam_mkdir.1 does not create home dir for new users in a HP 9000 container
Which version of SRP and HP 9000 Containers products are you using? For HP 9000 Containers, are you on A.01.06 release or A.03.00?
You may want to use tusc on the login process (trace all children also) to find if failure of any critical operation is leading to libpam_mkdir not being executed.
Regards
-Rajesh
11-02-2011 02:41 PM
Re: libpam_mkdir.1 does not create home dir for new users in a HP 9000 container
Hi Rajesh,
We are using 1.06 for the containers. I have used tusc before for specific commands but I am not sure how I use it for the logon process. Can you provide an example?
Thanks again.
11-02-2011 10:18 PM - edited 11-02-2011 10:18 PM
Re: libpam_mkdir.1 does not create home dir for new users in a HP 9000 container
>I am not sure how I use it for the logon process.
Hmm, you may have to use tusc on sshd, since that spawns sshd, etc.
UID PID PPID CMD
root 955 1 /opt/ssh/sbin/sshd
root 10148 955 sshd: foo [priv]
foo 10159 10148 sshd: foo@pts/21
foo 10167 10159 -ksh
tusc -fp -ea -o tusc.out 955 # (in my case)
11-10-2011 01:15 AM
Re: libpam_mkdir.1 does not create home dir for new users in a HP 9000 container
Since you are using HP 9000 Containers A.01.06, the login process is native there; it might be trying to create the home directory on the host system rather than under the chroot'ed directory. You can try setting up the home directories on the host system (for example, move all /home/* from within the chroot directory to outside (/home under system root)) and then share the root home directory (for example, use hp9000_link_dir to share /home). If you are in the early stages of testing, you can consider v3 (A.01.06) system containers, where the login process will be emulated inside the chroot directory (hp9000 root).
Regards
-Rajesh
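
Added example (not part of the thread and not HP tooling): a small filter over the tusc.out written by the tusc command suggested earlier, listing the mkdir/chroot/chdir calls in trace order so you can see whether libpam_mkdir ran and in which root the home directory was created, as the last reply suspects. The trace lines, the assumed `[pid] call(args) .... result` layout and the `/CONTAINER_ROOT` path are constructed placeholders.

```shell
#!/bin/sh
# Added example: triage the file written by "tusc -fp -ea -o tusc.out <pid>".
# Assumes each line looks like "[pid] call(args) ..... result".

# Constructed sample trace, not captured from a real system.
# /CONTAINER_ROOT is a placeholder path.
sample_trace() {
cat <<'EOF'
[10148] open("/etc/pam.conf", O_RDONLY, 0666) .............. = 5
[10148] open("/usr/lib/security/libpam_mkdir.1", O_RDONLY, 0) .... = 6
[10148] stat("/home/foo", 0x7f7f1234) ...................... ERR#2 ENOENT
[10148] mkdir("/home/foo", 0700) ........................... = 0
[10159] chroot("/CONTAINER_ROOT") .......................... = 0
[10159] chdir("/home/foo") ................................. ERR#2 ENOENT
EOF
}

# Print "pid call path result", in trace order, for the calls that decide
# where the home directory is created and where the session looks for it.
home_dir_calls() {
    awk '$2 ~ /^(mkdir|chroot|chdir)\(/ {
        call = $2; sub(/\(.*/, "", call)
        path = $0; sub(/^[^"]*"/, "", path); sub(/".*/, "", path)
        res = $0;  sub(/^.*\) \.+ /, "", res)
        print $1, call, path, res
    }' "$1"
}

# One-word verdict on the libpam_mkdir step for home directory $2.
mkdir_verdict() {
    grep -q 'open(".*libpam_mkdir[^"]*".* = [0-9]' "$1" ||
        { echo module-not-loaded; return; }
    calls=$(home_dir_calls "$1" | grep " mkdir $2 " || true)
    [ -n "$calls" ] || { echo loaded-but-no-mkdir; return; }
    if printf '%s\n' "$calls" | grep -q ' = 0$'; then
        echo mkdir-ok
    else
        echo mkdir-failed
    fi
}

# Usage: sh triage.sh [tusc.out] [home-dir]; defaults to the sample above.
trace=${1:-}
[ -n "$trace" ] || { trace=$(mktemp); sample_trace > "$trace"; }
home_dir_calls "$trace"
mkdir_verdict "$trace" "${2:-/home/foo}"
```

A verdict of mkdir-ok followed by a failing chdir on the same path after a chroot line is the pattern the last reply describes: the directory exists, but under the host root rather than the container root.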