On Tue, 24 Jun 2008, Anton Altaparmakov wrote:

> >This problem is interesting: how would you do this while using the
> >multi-thread capability of autofs version 5? Here's how far I got. First,
> >we're not going to mount anything at login time; we're going to mount the
> >homedir the first time it's referenced, which on my system would be
> >slightly before logging in is finished (to check the ssh key in the
> >homedir).
>
> Note this is not possible for us. You cannot use SSH-keys when the home
> directory is on a Netware server because you need the user's password to be
> able to mount the home directory, there is no way to perform the mount before
> asking the user for their password.

Oh, I didn't mean that you should use ssh authentication (in the sense that
if the given password decrypts the ssh private key, that's sufficient to
authenticate the user), I meant that we always load the keys into an agent
process if existing, which requires automounting the homedir partway through
PAM processing before the user is fully logged in.

Are you saying that publickey authentication in ssh is desired by users but
is not feasible, because the plaintext password is required to mount the
homedir to read the public key? I guess that's right, when the homedir is on
NCP or CIFS.

> >Warning: before deploying a submount-based scheme in production, watch for
> >a resolution of the internal locking (mutex) issue that's so bedeviling me.
>
> Could you elaborate on this? What issue are you seeing? Thanks a lot in
> advance!

Ian Kent described it pretty well in his reply. The thread that's trying to
mount a directory just hangs, and any further reference to that dir piles up
waiting forever for the mount to finish. At least the client process can be
killed.

James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: [EMAIL PROTECTED] http://www.math.ucla.edu/~jimc (q.v. for PGP key)

_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
