What does your /etc/pam.d/proftpd say?
I'm attaching how mine condenses. debian uses common-account, -auth,
and -session in seperate files that are included.
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
#@include common-auth
#from common-auth
auth required pam_unix.so nullok_secure
# This is disabled because anonymous logins will fail otherwise,
# unless you give the 'ftp' user a valid shell, or /bin/false and add
# /bin/false to /etc/shells.
#auth required pam_shells.so
#@include common-account
#from common-account
account required pam_unix.so
#@include common-session
#from common-session
session required pam_unix.so
--sean
Mike Garfias wrote:
>Thats just it. There are no messages from it.
>
>It simply will NOT query pam.
>
>I have AuthPAM set to on, it loads up the mod_auth_pam module on startup.
>Hell, I've run stack traces on it, and there are no pam calls anywhere in the output.
>
>
>sean spoke forth with the blessed manuscript:
>
>
>>I hate responding to myself but it seems odd that you are having trouble
>>getting proftpd to work with pam ... there's a full readme on the
>>subject if you google proftpd pam. Are there any error messages you can
>>share?
>>
>>--sean
>>
>>sean wrote:
>>
>>
>>
>>>Proftpd does all this I think. I'm really super satisfied with our
>>>setup.
>>>
>>>--sean
>>>
>>>Mike Garfias wrote:
>>>
>>>
>>>
>>>>I'm in need of an ftpd that doesn't suck.
>>>>
>>>>Must haves: PAM support - it has to play nicely with pam_pgsql
>>>> Configurable (I want to chroot the ftpd to a specific dir)
>>>> must be able to turn anon OFF
>>>> must be able restrict user logins to only a couple of sessions
>>>> must run from inetd (acutally xinetd, but whatever)
>>>>
>>>>I've tried pure-ftpd, and it blew up saying it couldn't set
>>>>capabilities.
>>>>Some kernel issue here, and I'm not going to rebuild a kernel on a
>>>>production
>>>>system cuz the ftpd isn't happy.
>>>>
>>>>I've also tried proftpd - it absolutely refuses to try and auth
>>>>against pam.
>>>>
>>>>Vsftp wasn't very granular, and had issues with pam and chroot()
>>>>stuff (it was
>>>>TOO locked down).
>>>>
>>>>Anything else I can try?
>>>>---------------------------------------------------
>>>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>>>To subscribe, unsubscribe, or to change you mail settings:
>>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>>
>>>>
>>>>
>>>>
>>>---------------------------------------------------
>>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>>To subscribe, unsubscribe, or to change you mail settings:
>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>>
>>---------------------------------------------------
>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>To subscribe, unsubscribe, or to change you mail settings:
>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>!DSPAM:11,4407a027179313524519832!
>>
>>
>>
>>
>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>To subscribe, unsubscribe, or to change you mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)