Why does the create_homedir option appear twice in the Pluggable Authentication Modules (PAM) stack?
The create_homedir option appears both in the auth and session section on the Pluggable Authentication Modules (PAM) stack.
auth sufficient pam_vas3.so create_homedir get_nonvas_pass
session required pam_vas3.so create_homedir
The create_homedir entry is in both the Auth and Session sections to cover the following scenarios:
In this scenario, if you wait till the session section in PAM then you don't have a location to write the non-root disconnected cache file, or the .vas_logon_server file.
Note that not every logon will call both sections in PAM.
See the following article for an example of why the non-root disconnected cache file is created:
Authentication Services Knowledge Base Article 28910
The .vas_logon server file is described is this article:
Authentication Services Knowledge Base Article 47692
If required, you can disable the home directory creation as per the following article:
Authentication Services Knowledge Base Article 53707