I'm using CentOS 5.3 with Kerberos for authentication and LDAP for user information. Unfortunately, the home directory for all users as stored in LDAP is "/". Very bright! So, that doesn't work. Without having any access to LDAP, I need to figure out how to force users to use the local directory "/home/username" as HOME.
I've tried editing /etc/bashrc but it seems like at that point it's too late to set HOME. Plus, I might need to edit the user's default shell, which is also stored in LDAP. Doesn't seem like changing the local /etc/bashrc would help because it might not even be loaded!
So, when using these components -- Kerberos, LDAP, pam, autofs -- when and where can I specify the environment for my users, if necessary overriding the environment set in LDAP?
TIA!!!1
Warning: Ugly hack ahead! The best thing will of course be to change the data in the LDAP server, and save your self the trouble, but here it goes:
Add the following line at the end of /etc/security/pam_env.conf:
This will override the user's $HOME variable to point to the right directory. However, this is only set after login, so you'll still get an error that login can't find the user's home directory. The 2nd phase of the ugly hack is to add a "cd ~" at the end of /etc/profile, which will bring your user to the right home directory. Hopefully at this stage you'll be able to use automount to map the home directory to the correct NFS server.
I agree with Mark, your best bet would be to modify the entry in LDAP.
If you can't do that, I can suggest something that is a major hack but would get the job done:
Instead of doing the lookups directly to LDAP, use nsscache to pull user data from LDAP. Then in the same cron job that will periodically update cache, add a script that will rewrite the home directory attribute for the users to the one you want. You could also do this by modifying the nsscache source directly.
You can use a similar method to alter the default shell.
This will also have the nice side-effect of reducing/mostly eliminating queries to your LDAP server :)
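As an added example (not code from the answer above), here is a shell filter that such a cron job could run over the passwd-format cache nsscache writes, replacing a bare "/" home directory with /home/<username>; the sample entries are constructed and the cache path in the comment is an assumption:

```shell
#!/bin/sh
# Added example: post-process passwd-format lines (as written by nsscache) so that
# entries whose home directory is the bare "/" get /home/<username> instead.
# Assumed usage in the cron job, after "nsscache update":
#   rewrite_home < /path/to/nsscache/passwd.cache > /path/to/passwd.fixed  (paths assumed)

# rewrite_home: read passwd lines on stdin, print them with field 6 (home) fixed.
# Field 7 is the login shell; the same pattern can rewrite it if needed.
rewrite_home() {
    awk -F: 'BEGIN { OFS = ":" }
        # Only touch entries whose home directory is exactly "/".
        $6 == "/" { $6 = "/home/" $1 }
        { print }'
}

# Constructed sample lines standing in for nsscache output (two broken, one sane).
SAMPLE='alice:x:1001:1001:Alice:/:/bin/bash
bob:x:1002:1002:Bob:/:/bin/bash
svc:x:1003:1003:Service:/var/lib/svc:/sbin/nologin'

# fix_sample: run the filter over the constructed sample so it can be checked.
fix_sample() {
    printf '%s\n' "$SAMPLE" | rewrite_home
}
```

Entries that already have a real home directory (the third sample line) pass through unchanged.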
Have you configured NSS to talk directly to the LDAP server, or are you going through a proxy such as nslcd? If so, look into configuring the proxy to rewrite the user's home directory attribute. For instance, in nslcd.conf you can state:
Which does the obvious thing.