account sufficient pam_unix.so account sufficient pam_pgsql.so auth sufficient pam_unix.so nullok_secure auth sufficient pam_pgsql.so The pam_unix.so lines are there for a testing. Once it works, they're coming out. Only virtual users will be connecting via FTP. However, I can put whatever I want in that file, and nothing changes, as proftpd NEVER makes a pam call. Here is output of proftpd starting up: # strace proftpd -nd10 2>&1 | grep -i pam open("/lib/libpam.so.0", O_RDONLY) = 3 write(2, " - dispatching directive \'AuthPA"..., 58 - dispatching directive 'AuthPAM' to module mod_auth_pam write(2, " - dispatching directive \'AuthPA"..., 64 - dispatching directive 'AuthPAMConfig' to module mod_auth_pam write(2, "localhost.localdomain - AuthPAM\n", 32localhost.localdomain - AuthPAM write(2, "localhost.localdomain - AuthPAMC"..., 38localhost.localdomain - AuthPAMConfig When I try to connect, I get no further output. If instead I grep for 'auth', I get lots of mod_sql and mod_auth_unix calls, but never a pam call. sean spoke forth with the blessed manuscript: > What does your /etc/pam.d/proftpd say? > > I'm attaching how mine condenses. debian uses common-account, -auth, > and -session in seperate files that are included. > > #%PAM-1.0 > auth required pam_listfile.so item=user sense=deny > file=/etc/ftpusers onerr=succeed > #@include common-auth > #from common-auth > auth required pam_unix.so nullok_secure > > # This is disabled because anonymous logins will fail otherwise, > # unless you give the 'ftp' user a valid shell, or /bin/false and add > # /bin/false to /etc/shells. > #auth required pam_shells.so > > #@include common-account > #from common-account > account required pam_unix.so > > #@include common-session > #from common-session > session required pam_unix.so > > --sean > > Mike Garfias wrote: > > >Thats just it. There are no messages from it. > > > >It simply will NOT query pam. > > > >I have AuthPAM set to on, it loads up the mod_auth_pam module on startup. > >Hell, I've run stack traces on it, and there are no pam calls anywhere in > >the output. > > > > > >sean spoke forth with the blessed manuscript: > > > > > >>I hate responding to myself but it seems odd that you are having trouble > >>getting proftpd to work with pam ... there's a full readme on the > >>subject if you google proftpd pam. Are there any error messages you can > >>share? > >> > >>--sean > >> > >>sean wrote: > >> > >> > >> > >>>Proftpd does all this I think. I'm really super satisfied with our > >>>setup. > >>> > >>>--sean > >>> > >>>Mike Garfias wrote: > >>> > >>> > >>> > >>>>I'm in need of an ftpd that doesn't suck. > >>>> > >>>>Must haves: PAM support - it has to play nicely with pam_pgsql > >>>> Configurable (I want to chroot the ftpd to a specific dir) > >>>> must be able to turn anon OFF > >>>> must be able restrict user logins to only a couple of sessions > >>>> must run from inetd (acutally xinetd, but whatever) > >>>> > >>>>I've tried pure-ftpd, and it blew up saying it couldn't set > >>>>capabilities. > >>>>Some kernel issue here, and I'm not going to rebuild a kernel on a > >>>>production > >>>>system cuz the ftpd isn't happy. > >>>> > >>>>I've also tried proftpd - it absolutely refuses to try and auth > >>>>against pam. > >>>> > >>>>Vsftp wasn't very granular, and had issues with pam and chroot() > >>>>stuff (it was > >>>>TOO locked down). > >>>> > >>>>Anything else I can try? > >>>>--------------------------------------------------- > >>>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > >>>>To subscribe, unsubscribe, or to change you mail settings: > >>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > >>>> > >>>> > >>>> > >>>> > >>>--------------------------------------------------- > >>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > >>>To subscribe, unsubscribe, or to change you mail settings: > >>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > >>> > >>> > >>--------------------------------------------------- > >>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > >>To subscribe, unsubscribe, or to change you mail settings: > >>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > >> > >> > >> > >> > >> > >> > >--------------------------------------------------- > >PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > >To subscribe, unsubscribe, or to change you mail settings: > >http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > !DSPAM:11,4407acae179311932458107! > > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss