-
Title
Why does the create_homedir option appear twice in the PAM stack? -
Description
Why does the create_homedir option appear twice in the Pluggable Authentication Modules (PAM) stack?
The create_homedir option appears both in the auth and session section on the Pluggable Authentication Modules (PAM) stack.e.g.
auth sufficient pam_vas3.so create_homedir get_nonvas_pass
session required pam_vas3.so create_homedir -
Resolution
The create_homedir entry is in both the Auth and Session sections to cover the following scenarios:
- A user logging in passwordless without a home directory.
- A user has a password without a home directory.
In this scenario, if you wait till the session section in PAM then you don't have a location to write the non-root disconnected cache file, or the .vas_logon_server file.
Note that not every logon will call both sections in PAM.
See the following article for an example of why the non-root disconnected cache file is created:
Authentication Services Knowledge Base Article 28910The .vas_logon server file is described is this article:
Authentication Services Knowledge Base Article 47692If required, you can disable the home directory creation as per the following article:
Authentication Services Knowledge Base Article 53707