PAM mkhomedir for solaris

There is a PAM module available that creates home directories on fly, pam_mkhomedir.so. This is quite useful if you have an LDAP authentication in place ( in this case Directory Server 6.3) but quite annoying if the users do not have a home directory.

First of all , you will need to download the files [kernel.org](http =//www.kernel.org)

PATH=/usr/sfw/bin:/usr/ccs/bin:$PATH;export PATH

gcc -c -g -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall

-fPIC -I../../libpam/include \

-I../../libpamc/include   \

-I../pammodutil/include pam_mkhomedir.c

I compiled the module and enabled it. I decided to debug why the module was not working properly. First, I enabled debug mode in syslog daemon, you only need to add.

*.debug /var/adm/pam_log

in the /etc/syslog.conf. Here is what I found out after poking around the logs:

May 18 10:27:25 kestod sshd[26177]: 
[ID 547715 auth.debug] PAM[26177]: load_function: successful load of 
 pam_sm_setcred 
May 18 10:27:25 kestodd sshd[26177]:
[ID 482737 auth.debug] PAM[26177]: pam_open_session(8a828, 0) 
May 18 10:27:25 des-to16-d sshd[26177]: [ID 926797 auth.debug]
PAM[26177]: load_modules(8a828,
pam_sm_open_session)=/usr/lib/security/pam_mkhomedir.so*

This wasn’t going anywhere, perhaps trying with an LDAP user, iterating over different services I could find out something. First, SSH, no luck. My second thought was to try telnet and I got this:

login: user1 
Password: 
ld.so.1: login: fatal: relocation error:
file /usr/lib/security/pam_mkhomedir.so: symbol _pammodutil_getpwnam: referenced symbol not found 
Connection to localhost closed by foreign host.

Finally we were going somewhere. I opened pam_mkhomedir.c and I searched the name of functions, matching even more functions:

	_pammodutil_getpwnam
	_pammodutil_read
  	_pammodutil_write  
  	_pammodutil_cleanup

Those functions were not available in Solaris 10 ( of course neither above versions ). I decided to include all the functions definition in the same file, and I added some includes, so this is all the code you need to add pam_mkhomedir.c and compile.

You have to copy and paste both declarations and their implementations.

other session required pam_mkhomedir.so skel=/etc/skel umask=0022

Now you can try to log in the system with a LDAP user:

  ssh -l user5 localhost 
  Password: 
  Creating directory '/export/home/user5'. 

  Last login: Thu May 14 17:16:21 2009 from localhost 
  -bash-3.00$

You can also try to access using telnet. There is backward compability among different versions of Solaris, that means, it will work out in Solaris 8,9 as well. I hope this information can be useful to somebody.