Pam_preprofile 1.1, a Swiss Army knife for PAM

Pam_preprofile is a PAM module that ensures that some program or script is run each time a user logs into the computer. It’s suited for network administrators who can’t rely on a particular shell to execute the user’s .profile, .bash_profile, .bashrc or similar, because sometimes the user’s home directory doesn’t even exist yet.

There are already many PAM modules out there, each one suited to a particular need (mounting shares, creating tmp dirs, etc.), but the real advantage of pam_preprofile is its versatility. Pam_preprofile can be used to satisfy any need that no existing PAM module implements yet but that the system admin can write as a script.

The configuration is simple. Just install the module at /lib/security/ and add this line at the end of /etc/pam.d/common-session:

session required pam_preprofile.so /tmp/myprogram.sh /usr/doc

That will call /tmp/myprogram.sh every time the user starts a session (logs into the desktop), passing it a “/usr/doc” parameter, plus an extra parameter with the username being authenticated.
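
An added example (not part of pam_preprofile or of the original post): a hook script for a configuration line like the one above, creating the user's home directory when it does not exist yet. It assumes the configured parameter is the base directory for homes and that the username arrives as the last argument; the script name is hypothetical. Because the hook can also be attached to the auth stage, the username may be whatever was typed at the login prompt, so it is validated before being used in a path.

```sh
#!/bin/sh
# Added example hook for pam_preprofile (hypothetical name: ensure-home.sh).
# Assumed call, per the post: <script> <configured-parameter> <username>
# Install it root-owned and outside world-writable directories such as /tmp:
# PAM-aware login services usually run as root, and so does the hook.
LC_ALL=C; export LC_ALL    # keep the a-z range below ASCII-only

# valid_username NAME: succeed only for a conservative login name.
valid_username() {
    case "$1" in
        ''|-*|.*|*[!a-z0-9_.-]*) return 1 ;;   # empty, option-like, dotfile, odd chars
    esac
    [ "${#1}" -le 32 ]
}

# ensure_home BASE USER: create BASE/USER with mode 0700 if it is missing.
ensure_home() {
    base=$1
    user=$2
    if ! valid_username "$user"; then
        echo "pam hook: rejecting username" >&2
        return 1
    fi
    # The base must be a real directory, not a symlink.
    if [ ! -d "$base" ] || [ -L "$base" ]; then return 1; fi
    home="$base/$user"
    # Refuse a symlink or non-directory planted at the target path.
    if [ -L "$home" ]; then return 1; fi
    if [ -e "$home" ] && [ ! -d "$home" ]; then return 1; fi
    if [ -d "$home" ]; then return 0; fi
    ( umask 077 && mkdir -- "$home" ) || return 1
    # Hand the directory over only when running as root for a known account.
    if [ "$(id -u)" -eq 0 ] && id -u "$user" >/dev/null 2>&1; then
        chown -- "$user" "$home" || return 1
    fi
    return 0
}

# Entry point when pam_preprofile runs the script with its two arguments.
if [ "$#" -ge 2 ]; then
    ensure_home "$1" "$2"
fi
```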

In the previous version of the module, the script was always executed at the session stage. It was very helpful for creating the user account. But some weeks ago, a network administrator presented me with a scenario where he needed to execute the script each time the system asked the user for a password (that is, at the “auth” stage), because the user info could have been updated meanwhile and some local configuration should be updated based on that.

I then improved the module and the new 1.1 version is out. It allows scripts to be executed at the PAM stage you want (account, auth, password and session), not only at the “session” stage allowed by the previous version.

Are you a network administrator? You can download it from:

http://community.igalia.com/twiki/bin/view/Corunix/ProjectDownloadStable

I’ve a landline phone number in the USA

I know, I know… having a landline phone number in the USA isn’t uncommon if you live there. But the fact is that I don’t live there.

The phone number is offered for free by IpKall and it’s bound to my Gizmo SIP account (VoIP). That way, when you call that number, and if I’m logged into my Gizmo account, I can receive your call. Moreover, if you’ve a Skype account it should be cheap for you to call me. Yes, you’ve caught it: it’s the perfect and cheap (but not free) SIP-Skype bridge.

In fact, I’m thinking of binding the number to the SIP account of the PolyCom we have in the office. That way, we could set up a multiconference among some Skype users and the PolyCom.

P.S.: I’m not showing here the real phone number nor the Gizmo account for privacy reasons. If you’d like to know them, just contact me.