I'm trying to find a way to automatically mount a user's Nextcloud WebDAV share when they log in on a PC, but I'm looking to avoid using a secrets file. Currently, we're using the Nextcloud desktop client to manage our data in the company, but we've been running into synchronization issues because we have several multi-user PCs, and the client isn't really designed for that. We want something more reliable, like accessing Nextcloud directly through WebDAV. While it's possible to mount the share through file browsers like Thunar or Nautilus, I've encountered problems with software that can't access shares in the `run/user/$UID/gvfs/` path. We've tried using davfs2 with fstab and autofs, but davfs2 requires user credentials from a file, which is problematic on shared systems. Since both Nextcloud and user accounts are based on LDAP, I'm wondering if there's a way to leverage that setup—perhaps using PAM to pass the password? Has anyone found a clean way to mount WebDAV shares automatically without using secrets files?
2 Answers
Using PAM is a solid approach for integrating with user login. You can either develop your own PAM module or utilize an existing one, like pam_script, to run custom scripts during the login process. Just be mindful of how you pass the password in scripts—it's safer to use stdin instead of command line arguments to avoid security risks.
If you're open to alternatives, consider using NFS in combination with Kerberos. It can be a solid solution for mounting, and Kerberos handles the authentication elegantly with your LDAP setup. You'd set up a central NFS share, then mount it at a designated path on each machine, allowing users to access only their files securely.
Thanks for the suggestion! Unfortunately, we had a similar NFS setup for over a decade before my predecessor switched to Nextcloud for better version history and web access, so we're stuck with it now.