pam_cifscreds (8)

Leading comments

Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)

Standard preamble:
========================================================================

(The comments found at the beginning of the groff file "man8/pam_cifscreds.8".)

NAME

pam_cifscreds - PAM module to manage NTLM credentials in kernel keyring

SYNOPSIS

Edit the configuration files for the systems that you want to automatically register credentials for, e.g. /etc/pam.d/login, and modify as follows:

        ...
        auth       substack     system-auth
    +++ auth       optional     pam_cifscreds.so
        auth       include      postlogin
        ...

        ...
        session    include      system-auth
    +++ session    optional     pam_cifscreds.so domain=DOMAIN
        session    include      postlogin
        ...

Change

to the name of you Windows domain, or use host= as described below.

DESCRIPTION

The pam_cifscreds module is a tool for automatically adding credentials (username and password) for the purpose of establishing sessions in multiuser mounts.

When a cifs filesystem is mounted with the ``multiuser'' option, and does not use krb5 authentication, it needs to be able to get the credentials for each user from somewhere. The pam_cifscreds module can be used to provide these credentials to the kernel automatically at login.

In the session section of the

configuration file, the module can either an domain name or a list of hostname or addresses.

OPTIONS

pam_cifscreds supports a couple options which can be set in the configuration files. You must have one (and only one) of domain= or host=.

debug

Turns on some extra debug logging.

domain=<

NT

domain name>

Credentials will be added for the specified

NT

domain name.

host=<hostname or

IP

address>[,...]

Credentials will be added for the specified hostnames or

IP

addresses.

NOTES

The pam_cifscreds module requires a kernel built with support for the login key type. That key type was added in v3.3 in mainline Linux kernels.

Since pam_cifscreds adds keys to the session keyring, it is highly recommended that one use pam_keyinit to ensure that a session keyring is established at login time.

SEE ALSO

cifscreds(1), pam_keyinit(8)

AUTHOR

The pam_cifscreds module was developed by Orion Poplawski <orion@nwra.com>.