Creating a User Home directory when you use LDAP Authentication
Note: This is publication is now archived. For reference only.
Published 25 May 2004
Rate and comment
Authors: Gregory Geiselhart
Lightweight Directory Access Protocol (LDAP) allows a system administrator to centrally define and manage Linux users. Using LDAP, an administrator can define a user to many Linux systems. User information,such as the user password and location of the user's home directory, is stored in the LDAP directory rather than on the local Linux system. This technote describes how to configure the Pluggable Authentication Module (PAM) to automatically create a user home directory the first time a user logs on.
Linux users usually have their home directory (typically the /home/userid directory) created when the user ID is defined. When using LDAP authentication, users are remotely defined (and have no home directory created on the local host). Two possibilities exist to avoid manual creation of a home directory for each LDAP defined user:
- The user home directory can be located on a network file server (for example, an NFS-mounted file system).
- The home directory can be automatically created when a user first logs in.
For login services except SSH, add the pam_mkhomedir.so module to the PAM configuration file for the service, /etc/pam.d/login,
- session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
Beginning with OpenSSH Version 3.3, automatic creation of a user home directory using pam_mkhomedir.so is no longer supported due to a security modification in SSH. You can use the make_home_dir replacement for pam_mkhomedir.so. The make_home_dir package is available at:
This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.
Follow IBM Redbooks
Follow IBM Redbooks