1PAM_CIFSCREDS(8)                                              PAM_CIFSCREDS(8)
2
3
4

NAME

6       pam_cifscreds - PAM module to manage NTLM credentials in kernel keyring
7

SYNOPSIS

9       Edit the PAM configuration files for the systems that you want to auto‐
10       matically register NTLM credentials  for,  e.g.  /etc/pam.d/login,  and
11       modify as follows:
12
13              ...
14              auth       substack     system-auth
15          +++ auth       optional     pam_cifscreds.so
16              auth       include      postlogin
17              ...
18
19              ...
20              session    include      system-auth
21          +++ session    optional     pam_cifscreds.so domain=DOMAIN
22              session    include      postlogin
23              ...
24
25       Change  DOMAIN  to  the name of you Windows domain, or use host= as de‐
26       scribed below.
27

DESCRIPTION

29       The pam_cifscreds PAM module is a tool for automatically adding creden‐
30       tials  (username and password) for the purpose of establishing sessions
31       in multiuser mounts.
32
33       When a cifs filesystem is mounted with the "multiuser" option, and does
34       not use krb5 authentication, it needs to be able to get the credentials
35       for each user from somewhere. The pam_cifscreds module can be  used  to
36       provide these credentials to the kernel automatically at login.
37
38       In  the  session  section of the PAM configuration file, the module can
39       either an NT domain name or a list of hostname or addresses.
40

OPTIONS

42       pam_cifscreds supports a couple options which can be  set  in  the  PAM
43       configuration  files.  You  must  have one (and only one) of domain= or
44       host=.
45
46       debug  Turns on some extra debug logging.
47
48       domain=<NT domain name>
49              Credentials will be added for the specified NT domain name.
50
51       host=<hostname or IP address>[,...]
52              Credentials will be added for the specified hostnames or IP  ad‐
53              dresses.
54

NOTES

56       The  pam_cifscreds  PAM module requires a kernel built with support for
57       the login key type. That key type was added in v3.3 in  mainline  Linux
58       kernels.
59
60       Since pam_cifscreds adds keys to the session keyring, it is highly rec‐
61       ommended that one use pam_keyinit to ensure that a session  keyring  is
62       established at login time.
63

SEE ALSO

65       cifscreds(1), pam_keyinit(8)
66

AUTHOR

68       The  pam_cifscreds  PAM  module  was  developed  by  Orion Poplawski <‐
69       orion@nwra.com>.
70
71
72
73
74                                                              PAM_CIFSCREDS(8)