ftp server recommendation?

Mike Garfias mike at garfias.org
Thu Mar 2 20:10:36 MST 2006


account sufficient      pam_unix.so
account sufficient      pam_pgsql.so
auth    sufficient      pam_unix.so nullok_secure 
auth    sufficient      pam_pgsql.so         

The pam_unix.so lines are there for testing.  Once it works, they're coming
out.  Only virtual users will be connecting via FTP.

However, I can put whatever I want in that file, and nothing changes, as
proftpd NEVER makes a pam call.

Here is output of proftpd starting up:

# strace proftpd -nd10 2>&1 | grep -i pam
open("/lib/libpam.so.0", O_RDONLY)      = 3
write(2, " - dispatching directive \'AuthPA"..., 58 - dispatching directive
'AuthPAM' to module mod_auth_pam
write(2, " - dispatching directive \'AuthPA"..., 64 - dispatching directive
'AuthPAMConfig' to module mod_auth_pam
write(2, "localhost.localdomain - AuthPAM\n", 32localhost.localdomain -
AuthPAM
write(2, "localhost.localdomain - AuthPAMC"..., 38localhost.localdomain -
AuthPAMConfig
                       
When I try to connect, I get no further output.  If instead I grep for 'auth',
I get lots of mod_sql and mod_auth_unix calls, but never a pam call.


sean spoke forth with the blessed manuscript:
> What does your /etc/pam.d/proftpd say?
> 
> I'm attaching how mine condenses.   debian uses  common-account, -auth, 
> and -session in separate files that are included.
> 
> #%PAM-1.0
> auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
> #@include common-auth
> #from common-auth
> auth    required        pam_unix.so nullok_secure 
> 
> # This is disabled because anonymous logins will fail otherwise,
> # unless you give the 'ftp' user a valid shell, or /bin/false and add
> # /bin/false to /etc/shells.
> #auth       required    pam_shells.so
> 
> #@include common-account
> #from common-account
> account required        pam_unix.so 
> 
> #@include common-session
> #from common-session
> session required        pam_unix.so  
> 
> --sean
> 
> Mike Garfias wrote:
> 
> >That's just it.  There are no messages from it.
> >
> >It simply will NOT query pam.
> >
> >I have AuthPAM set to on, it loads up the mod_auth_pam module on startup.
> >Hell, I've run stack traces on it, and there are no pam calls anywhere in 
> >the output.
> >
> >
> >sean spoke forth with the blessed manuscript:
> > 
> >
> >>I hate responding to myself but it seems odd that you are having trouble 
> >>getting proftpd to work with pam ... there's a full readme on the 
> >>subject if you google proftpd pam.  Are there any error messages you can 
> >>share?
> >>
> >>--sean
> >>
> >>sean wrote:
> >>
> >>   
> >>
> >>>Proftpd does all this I think.  I'm really super satisfied with our 
> >>>setup.
> >>>
> >>>--sean
> >>>
> >>>Mike Garfias wrote:
> >>>
> >>>     
> >>>
> >>>>I'm in need of an ftpd that doesn't suck.
> >>>>
> >>>>Must haves:     PAM support - it has to play nicely with pam_pgsql
> >>>>  Configurable (I want to chroot the ftpd to a specific dir)
> >>>>  must be able to turn anon OFF
> >>>>  must be able to restrict user logins to only a couple of sessions
> >>>>  must run from inetd (actually xinetd, but whatever)
> >>>>
> >>>>I've tried pure-ftpd, and it blew up saying it couldn't set 
> >>>>capabilities.
> >>>>Some kernel issue here, and I'm not going to rebuild a kernel on a 
> >>>>production
> >>>>system cuz the ftpd isn't happy.
> >>>>
> >>>>I've also tried proftpd - it absolutely refuses to try and auth 
> >>>>against pam.
> >>>>
> >>>>Vsftp wasn't very granular, and had issues with pam and chroot() 
> >>>>stuff (it was
> >>>>TOO locked down).
> >>>>
> >>>>Anything else I can try?
> >>>>---------------------------------------------------
> >>>>PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >>>>To subscribe, unsubscribe, or to change  you mail settings:
> >>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
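
An added example, not part of the original message and not ProFTPD or PAM project code: a small Python check of the pam.d stack quoted at the top of the message, flagging rules that can let a login succeed without pam_pgsql.so, which is what the pam_unix.so test lines do until they are taken out. The `allowed` module set, the function names and the finding texts are assumptions of this example.

```python
import re

# Constructed sample: the stack from the message, pam_unix.so test lines still in.
SAMPLE = """\
account sufficient      pam_unix.so
account sufficient      pam_pgsql.so
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_pgsql.so
"""

BYPASS = "sufficient module outside the allowed set can grant access on its own"
NULLOK = "accepts accounts with an empty password"

def parse_pam(text):
    """Return (type, control, module, args) tuples from a pam.d service file."""
    text = text.replace("\\\n", " ")           # backslash-newline continues a rule
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or line.startswith("@include"):
            continue                           # included files are not followed here
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m:
            mtype, control, module, args = m.groups()
            rules.append((mtype, control, module.rsplit("/", 1)[-1], args.split()))
    return rules

def audit(text, allowed=("pam_pgsql.so",)):
    """Flag auth/account rules that decide a login without an allowed module."""
    findings = []
    for mtype, control, module, args in parse_pam(text):
        if mtype not in ("auth", "account"):
            continue
        # A successful 'sufficient' module ends the stack with success, so the
        # virtual-user backend is never consulted for that login.
        if control == "sufficient" and module not in allowed:
            findings.append((mtype, module, BYPASS))
        # nullok / nullok_secure let pam_unix accept empty passwords.
        if mtype == "auth" and any(a.startswith("nullok") for a in args):
            findings.append((mtype, module, NULLOK))
    return findings

if __name__ == "__main__":
    for mtype, module, reason in audit(SAMPLE):
        print(f"{mtype}: {module}: {reason}")
```
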

