I didn't know this one!
When you set up your LPAR as an LDAP client (for example), the LDAP users have no home directory on the newly created LPAR, and you get the error message "/home/user: No such file or directory", which is pretty annoying. You can avoid creating every home directory manually by running the chsec command with the "mkhomeatlogin" option:
# ssh user1@lpar1
user1@lpar1's password:
Could not chdir to home directory /home/user1: No such file or directory
user1@lpar1:/$ pwd
/
user1@lpar1:/$
Connection to lpar1 closed.
Let's ssh back in as root to run the chsec command:
# ssh lpar1
root@lpar1:/root# chsec -f /etc/security/login.cfg -s usw -a mkhomeatlogin=true
root@lpar1:/root#
Connection to lpar1 closed.
OK, now let's try again:
# ssh user1@lpar1
user1@lpar1's password:
user1@lpar1:/home/user1$ pwd
/home/user1
Now we're good!
Automatic home directory creation at login
AIX® can automatically create a home directory at user login.
This feature is useful for remotely defined users (for example, users defined in an LDAP server) who may not have a home directory in the local system. AIX provides two mechanisms to automatically create a home directory at user login: a standard AIX mechanism and a PAM mechanism. These mechanisms can be enabled together.
The AIX mechanism covers login through the following commands: getty, login, rlogin, rsh, telnet, and tsm. When the pam_aix module is used, the AIX mechanism supports both STD_AUTH and PAM_AUTH authentication. Enable the AIX mechanism in the /etc/security/login.cfg file by setting the mkhomeatlogin attribute of the usw stanza to true (refer to the /etc/security/login.cfg file for additional information about the file). Use the chsec command to enable or disable the automatic-home-directory-creation-at-login feature. For example, to enable the feature, run the following command:
# chsec -f /etc/security/login.cfg -s usw -a mkhomeatlogin=true
When enabled, the login process checks for the user’s home directory after successful authentication. If a user’s home directory does not exist, one is created.
AIX also provides a pam_mkuserhome module for creating home directories for PAM mechanisms. The pam_mkuserhome module can be stacked with other session modules for login services. To enable this PAM module for a service, an entry must be added to that service. For example, to enable home directory creation through the telnet command using PAM, add the following entry to the /etc/pam.cfg file:
telnet session optional pam_mkuserhome
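An offline check for both mechanisms described above, as an added example that is not part of the original post or of the AIX documentation: it parses copies of /etc/security/login.cfg and /etc/pam.cfg and reports whether home directory creation at login is enabled. The sample file contents, the function names, and reporting a missing mkhomeatlogin attribute as not enabled are assumptions.

```python
# Constructed sample file contents (assumption: not copied from a real system).
SAMPLE_LOGIN_CFG = """\
* constructed sample of /etc/security/login.cfg
default:
\tsak_enabled = false
usw:
\tshells = /bin/sh,/bin/ksh
\tmkhomeatlogin = true
"""

SAMPLE_PAM_CFG = """\
# constructed sample of /etc/pam.cfg
telnet session required pam_aix
telnet session optional pam_mkuserhome
login session required pam_aix
"""


def parse_stanzas(text):
    """Parse AIX stanza text into {stanza: {attribute: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or '*' comment
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            attr, _, value = line.partition("=")
            current[attr.strip()] = value.strip()
    return stanzas


def aix_mkhome_enabled(login_cfg_text):
    """True when the usw stanza sets mkhomeatlogin to true (absent: not enabled)."""
    usw = parse_stanzas(login_cfg_text).get("usw", {})
    return usw.get("mkhomeatlogin", "false") == "true"


def pam_mkhome_services(pam_cfg_text):
    """Return the services that stack pam_mkuserhome as a session module."""
    services = set()
    for raw in pam_cfg_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop '#' comments
        # Fields: service, module type, control flag, module path, [options]
        if len(fields) >= 4 and fields[1] == "session":
            if fields[3].rsplit("/", 1)[-1] == "pam_mkuserhome":
                services.add(fields[0])
    return sorted(services)
```

With the sample input, the AIX mechanism is reported as enabled and telnet is the only service with the PAM module stacked, so a PAM-authenticated service missing from that list would still fail with the "No such file or directory" message for a new LDAP user unless the AIX mechanism covers it.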