.pam_environment in kerberized nfs4 home directory
- by Paul Stoever
How can I get pam_env to read the user's .pam_environment file, if the user's file is located in a kerberized NFS4 mount? The file and directory permissions for the .pam_environment file are set in a way, that allows the local root to read the file. Reading .pam_environment only fails on the first login. Subsequent logins successfully read the file.
The client uses Ubuntu 12.04 Desktop, NFS/Kerberos server is 12.04 Server. The Kerberos/NFS4 stuff works with exception of this.
From /var/log/auth for first login:
...
lightdm: pam_krb5(lightdm:auth): user USERNAME authenticated as USERNAME@REALM
lightdm: pam_unix(lightdm:session): session closed for user lightdm
lightdm: pam_env(lightdm:setcred): Unable to open config file: USERHOME/.pam_environment: Permission denied
lightdm: pam_env(lightdm:setcred): Unable to open config file: USERHOME/.pam_environment: Permission denied
lightdm: pam_unix(lightdm:session): session opened for user USERNAME by (uid=0)
...