Re: ftp server recommendation?

Author: Mike Garfias
Date:  
To: Main PLUG discussion list
Subject: Re: ftp server recommendation?

account sufficient      pam_unix.so
account sufficient      pam_pgsql.so
auth    sufficient      pam_unix.so nullok_secure 
auth    sufficient      pam_pgsql.so         


The pam_unix.so lines are there for testing. Once it works, they're coming
out. Only virtual users will be connecting via FTP.

However, I can put whatever I want in that file, and nothing changes, as
proftpd NEVER makes a pam call.

Here is output of proftpd starting up:

# strace proftpd -nd10 2>&1 | grep -i pam
open("/lib/libpam.so.0", O_RDONLY)      = 3
write(2, " - dispatching directive \'AuthPA"..., 58 - dispatching directive 'AuthPAM' to module mod_auth_pam
write(2, " - dispatching directive \'AuthPA"..., 64 - dispatching directive 'AuthPAMConfig' to module mod_auth_pam
write(2, "localhost.localdomain - AuthPAM\n", 32localhost.localdomain - AuthPAM
write(2, "localhost.localdomain - AuthPAMC"..., 38localhost.localdomain - AuthPAMConfig


When I try to connect, I get no further output. If instead I grep for 'auth',
I get lots of mod_sql and mod_auth_unix calls, but never a pam call.


sean spoke forth with the blessed manuscript:
> What does your /etc/pam.d/proftpd say?
>
> I'm attaching how mine condenses. Debian uses common-account, -auth,
> and -session in separate files that are included.
>
> #%PAM-1.0
> auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
> #@include common-auth
> #from common-auth
> auth    required        pam_unix.so nullok_secure
>
> # This is disabled because anonymous logins will fail otherwise,
> # unless you give the 'ftp' user a valid shell, or /bin/false and add
> # /bin/false to /etc/shells.
> #auth       required    pam_shells.so
>
> #@include common-account
> #from common-account
> account required        pam_unix.so
>
> #@include common-session
> #from common-session
> session required        pam_unix.so
>
> --sean
>
> Mike Garfias wrote:
>
> >That's just it. There are no messages from it.
> >
> >It simply will NOT query pam.
> >
> >I have AuthPAM set to on, it loads up the mod_auth_pam module on startup.
> >Hell, I've run stack traces on it, and there are no pam calls anywhere in
> >the output.
> >
> >
> >sean spoke forth with the blessed manuscript:
> >
> >
> >>I hate responding to myself but it seems odd that you are having trouble
> >>getting proftpd to work with pam ... there's a full readme on the
> >>subject if you google proftpd pam. Are there any error messages you can
> >>share?
> >>
> >>--sean
> >>
> >>sean wrote:
> >>
> >>
> >>
> >>>Proftpd does all this I think. I'm really super satisfied with our
> >>>setup.
> >>>
> >>>--sean
> >>>
> >>>Mike Garfias wrote:
> >>>
> >>>
> >>>
> >>>>I'm in need of an ftpd that doesn't suck.
> >>>>
> >>>>Must haves:
> >>>>  PAM support - it has to play nicely with pam_pgsql
> >>>>  Configurable (I want to chroot the ftpd to a specific dir)
> >>>>  must be able to turn anon OFF
> >>>>  must be able to restrict user logins to only a couple of sessions
> >>>>  must run from inetd (actually xinetd, but whatever)
> >>>>
> >>>>I've tried pure-ftpd, and it blew up saying it couldn't set capabilities.
> >>>>Some kernel issue here, and I'm not going to rebuild a kernel on a production
> >>>>system cuz the ftpd isn't happy.
> >>>>
> >>>>I've also tried proftpd - it absolutely refuses to try and auth against pam.
> >>>>
> >>>>Vsftp wasn't very granular, and had issues with pam and chroot() stuff (it was
> >>>>TOO locked down).
> >>>>
> >>>>Anything else I can try?
> >>>>---------------------------------------------------
> >>>>PLUG-discuss mailing list -
> >>>>To subscribe, unsubscribe, or to change your mail settings:
> >>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss