
Creating a User Home directory when you use LDAP Authentication

Web Doc

Note: This publication is now archived. For reference only.


Published on 25 May 2004


IBM Form #: TIPS0410


Authors: Gregory Geiselhart


    Abstract

    Lightweight Directory Access Protocol (LDAP) allows a system administrator to centrally define and manage Linux users. Using LDAP, an administrator can define a user to many Linux systems. User information, such as the user password and the location of the user's home directory, is stored in the LDAP directory rather than on the local Linux system. This technote describes how to configure the Pluggable Authentication Module (PAM) to automatically create a user home directory the first time a user logs on.

    Contents

    Linux users usually have their home directory (typically the /home/userid directory) created when the user ID is defined. When using LDAP authentication, users are remotely defined (and have no home directory created on the local host). Two possibilities exist to avoid manual creation of a home directory for each LDAP defined user:
    • The user home directory can be located on a network file server (for example, an NFS-mounted file system).
    • The home directory can be automatically created when a user first logs in.

    • For login services except SSH, add the pam_mkhomedir.so module to the PAM configuration file for the service (for example, /etc/pam.d/login):

      session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

      If a user authenticates and no home directory exists, the home directory is created in /home. The umask=0077 parameter causes the directory permissions to be set to 700. The home directory is populated from the skeleton files found in the /etc/skel directory.
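
An added example, not part of the original technote or any IBM code: a POSIX shell check that scans PAM service files for pam_mkhomedir.so lines and flags any whose umask= argument is missing or would leave group/other access on the newly created home directory. The function name audit_mkhomedir and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# audit_mkhomedir FILE...
# For every pam_mkhomedir.so line, report whether umask= keeps the created
# home directory private (umask=0077 gives mode 700, as in the technote).
# Returns 0 when every line is private, 1 when any line needs attention.
audit_mkhomedir() {
    rc=0
    for f in "$@"; do
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            line=${line%%#*}                      # drop comments
            case $line in
                *pam_mkhomedir.so*) ;;
                *) continue ;;
            esac
            # Pull out the value of the umask= argument, if present.
            mask=$(printf '%s\n' "$line" |
                sed -n 's/.*[[:space:]]umask=\([^[:space:]]*\).*/\1/p')
            case $mask in
                '')       msg="WARN no umask= argument, module default applies" ;;
                *[!0-7]*) msg="WARN umask=$mask is not an octal value" ;;
                *77)      msg="OK umask=$mask removes all group/other access" ;;
                *)        msg="WARN umask=$mask leaves group/other access" ;;
            esac
            case $msg in WARN*) rc=1 ;; esac
            printf '%s:%s: %s\n' "$f" "$n" "$msg"
        done < "$f"
    done
    return "$rc"
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/pam.d/login (constructed sample)
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_mkhomedir.so skel=/etc/skel/
EOF
audit_mkhomedir "$sample" || true
rm -f "$sample"
```

On a real host, pass the service files themselves, for example `audit_mkhomedir /etc/pam.d/*`, and treat a non-zero return as a finding to review.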

      Beginning with OpenSSH Version 3.3, automatic creation of a user home directory using pam_mkhomedir.so is no longer supported due to a security modification in SSH. You can use the make_home_dir replacement for pam_mkhomedir.so. The make_home_dir package is available at:

     

    Special Notices

    The material included in this document is in DRAFT form and is provided 'as is' without warranty of any kind. IBM is not responsible for the accuracy or completeness of the material, and may update the document at any time. The final, published document may not include any, or all, of the material included herein. Client assumes all risks associated with Client's use of this document.