Hi,

On 24 Jun 2008, at 19:55, Jim Carter wrote:
> On Tue, 24 Jun 2008, Anton Altaparmakov wrote:
>>> This problem is interesting: how would you do this while using the
>>> multi-thread capability of autofs version 5? Here's how far I got. First,
>>> we're not going to mount anything at login time; we're going to mount the
>>> homedir the first time it's referenced, which on my system would be
>>> slightly before logging in is finished (to check the ssh key in the
>>> homedir).
>>
>> Note this is not possible for us. You cannot use SSH-keys when the home
>> directory is on a Netware server because you need the user's password to be
>> able to mount the home directory, there is no way to perform the mount before
>> asking the user for their password.
>
> Oh, I didn't mean that you should use ssh authentication (in the sense that
> if the given password decrypts the ssh private key, that's sufficient to
> authenticate the user), I meant that we always load the keys into an agent
> process if existing, which requires automounting the homedir partway
> through PAM processing before the user is fully logged in.
>
> Are you saying that publickey authentication in ssh is desired by users but
> is not feasible, because the plaintext password is required to mount the
> homedir to read the public key? I guess that's right, when the homedir is
> on NCP or CIFS.

Yes, that is correct. Users want it and we can't give it to them as
we cannot read their ~/.ssh directory contents until we have asked for
their plaintext password and used it to authenticate to the NetWare
server.

Best regards,
Anton

>>> Warning: before deploying a submount-based scheme in production, watch for
>>> a resolution of the internal locking (mutex) issue that's so bedeviling me.
>>
>> Could you elaborate on this? What issue are you seeing? Thanks a lot in
>> advance!
>
> Ian Kent described it pretty well in his reply. The thread that's trying
> to mount a directory just hangs, and any further reference to that dir
> piles up waiting forever for the mount to finish. At least the client
> process can be killed.
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer, http://www.linux-ntfs.org/