Frank Cusack wrote:
On October 20, 2006 12:00:26 PM +0100 Darren J Moffat <[EMAIL PROTECTED]> wrote:
msl wrote:
OK, thanks very much for your answer. I will look at the automounter. But
about the PAM module, how would it work? Running on a Linux machine and
creating a ZFS filesystem on a Solaris server (via NFS)? Thanks again.

It wouldn't run on the Linux machine; it would run on the Solaris machine,
and you would need to have the users log in to the Solaris machine once
first.

It could rsh/ssh to the Solaris machine and create the fs.

I had the same offline conversation with Marcelo and sent him this as an
outline of how to do this:

What you could do is have a PAM module that does an ssh to the Solaris NFS server as a non-root account. That account on the Solaris machine would only be able to run a script that creates the user's home dir. The script would need to do something like this:

#!/bin/sh

# Assumes $1 is the username
# Assumes mypool/home is already shared, i.e. zfs set sharenfs=rw

USER=$1

# Create the per-user dataset, then hand it over to the user
zfs create "mypool/home/$USER"
chown -R "$USER" "/mypool/home/$USER"

You can have the deployment account (let's call it homedep) set up so that it cannot log in directly: passwd -N homedep.

Then set it up with ssh pubkey authentication so that it can only run the specific script above. Your pam module would then do something like this:

ssh -lhomedep nfsserver /usr/local/mkhomedir bob

--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
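
The restricted-key setup described in the message above, as an added example that is not from the original post: the script written to run as the key's forced command, where the username sent by the PAM module arrives as untrusted input in SSH_ORIGINAL_COMMAND. The authorized_keys line in the comment, the POOL_HOME and DRY_RUN variables, the function names and the username rule are assumptions, as is homedep already holding the rights to run zfs create and chown.

```shell
#!/bin/sh
# Forced-command version of /usr/local/mkhomedir (added example, assumptions labelled).
# Assumed OpenSSH-style authorized_keys entry for homedep (key is a placeholder):
#   command="/usr/local/mkhomedir",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> pam-mkhome
# With command= set, sshd runs this script whatever the client asks for and
# passes the client's requested command only in $SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL              # make [a-z] mean ASCII only
POOL_HOME=${POOL_HOME:-mypool/home}  # dataset from the post; the variable is an assumption

# Print the username if the request is exactly "/usr/local/mkhomedir <name>"
# and <name> is a conservative login name; return 1 for anything else.
parse_request() {
    req=$1
    case $req in
        "/usr/local/mkhomedir "*) name=${req#"/usr/local/mkhomedir "} ;;
        *) return 1 ;;
    esac
    case $name in
        ""|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;   # empty, bad first char, or any other char
    esac
    [ "${#name}" -le 32 ] || return 1          # assumed length limit
    printf '%s\n' "$name"
}

# Create and hand over the dataset. chown runs only when zfs create succeeded,
# so a repeated request cannot re-own an existing home. DRY_RUN=1 prints instead.
create_home() {
    user=$1
    run=
    if [ "${DRY_RUN:-0}" = 1 ]; then run=echo; fi
    $run zfs create "$POOL_HOME/$user" && $run chown "$user" "/$POOL_HOME/$user"
}

# Entry point: act only when sshd supplied a client request.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    user=$(parse_request "$SSH_ORIGINAL_COMMAND") || { echo "mkhomedir: request rejected" >&2; exit 1; }
    create_home "$user"
fi
```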
