Old 05-28-2008, 10:12 AM
fedora
 
Fedora 9: Pure-ftpd authentication with pam ??

Hi listers,
you may tell me that this is OT for this list, but the pure-ftpd mailing
list is as inactive as can be.


I installed Fedora 9 from the live-CD. Then, using
System/Administration/Add-Remove Software, I installed pure-ftpd.


Here, all authentication uses pam-ldap which works fine for login, ssh, ...

But with pure-ftpd it just does not work.

In ldap I created a user called taxi just to be flexible to change
attributes.


[taxi@vidigal ~]$ id taxi
uid=1084(taxi) gid=1000(webdesign) groups=1000(webdesign)
[taxi@vidigal ~]$

When I do an ssh logon to taxi:

[myuser@rosetta ~]$ ssh taxi@vidigal
taxi@vidigal.lan's password:
Last login: Wed May 28 13:02:29 2008
[taxi@vidigal ~]$

That is: pam-ldap for user taxi works fine. User taxi also has a valid
home-directory on the ftp-server.


When, however, I do an ftp-login I get:

[myuser@rosetta ~]$ ftp vidigal.lan
Connected to vidigal.lan (192.168.97.17).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 11:39. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (vidigal.lan:cellino): taxi
331 User taxi OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


/etc/pam.d/pure-ftpd
[taxi@vidigal ~]$ cat /etc/pam.d/pure-ftpd
#%PAM-1.0

# Sample PAM configuration file for Pure-FTPd.
# Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf

auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

auth include system-auth
auth required pam_shells.so
auth required pam_nologin.so

account include system-auth

password include system-auth

session include system-auth

[taxi@vidigal ~]$


We do not use the /etc/ftpusers file so far; the file does not exist. So
the first step in the auth-sequence must succeed.


/etc/pam.d/system-auth:
[taxi@vidigal ~]$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_unix.so
session optional pam_ldap.so
[taxi@vidigal ~]$


I checked to see if pure-ftpd does an ldap-request when I try to
ftp-login: yes, it does, and it gets a positive reply from the
ldap-server when doing the bind with the authentication parameters for
taxi.


The login failure then must be caused by additional pam.d/pure-ftpd
activities.


So I checked to see whether the shell of taxi (/bin/bash) is in
/etc/shells. Yes, it is.

And there is no /etc/nologin file on the ftp-server.

Has anyone got an idea how I have to change the environment in order to
make pure-ftpd accept pam authentication?


Changing to another ftp-server is no option, because I need the
virtual-ftp-accounts provided by pure-ftpd.


Thanks for any information

suomi

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
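
An added example, not part of the original post and not pure-ftpd or Linux-PAM code: it parses PAM service files and lists the modules of one management group in the order they run once `auth include system-auth` is expanded, and it reports any line that is not a valid entry, which is what a line break without a trailing backslash leaves behind. The file contents are a constructed sample, and `entries` and `flatten` are hypothetical helper names.

```python
import re

GROUPS = {"auth", "account", "password", "session"}
# group, control (a word or a [bracketed list]), module, optional arguments
ENTRY = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def entries(text):
    """Yield parsed entries; yield the raw string for a line that is not one."""
    for raw in text.replace("\\\n", " ").splitlines():  # honour '\' continuations
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        m = ENTRY.match(line)
        yield m.groups() if m and m.group(1) in GROUPS else line

def flatten(service, files, group="auth"):
    """Yield (control, module, args) for one group with 'include'/'substack'
    expanded; an invalid line is yielded as ("INVALID", service, [line])."""
    for e in entries(files[service]):
        if isinstance(e, str):
            yield ("INVALID", service, [e])
        elif e[0] == group and e[1] in ("include", "substack"):
            yield from flatten(e[2], files, group)
        elif e[0] == group:
            yield (e[1], e[2], e[3].split())

# Constructed sample files (not read from disk). The pam_listfile entry is
# deliberately split without a backslash to show what the check reports.
FILES = {
    "pure-ftpd": """#%PAM-1.0
auth required pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
auth include system-auth
auth required pam_shells.so
auth required pam_nologin.so
account include system-auth
""",
    "system-auth": """auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
""",
}

if __name__ == "__main__":
    for control, module, args in flatten("pure-ftpd", FILES):
        print(f"{control:<11}{module:<20}{' '.join(args)}")
```

To run it against a real host, fill `FILES` with the contents of the files under /etc/pam.d, keyed by service name.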
 
