Fedora 9: Pure-ftpd authentication with pam ??

Hi listers,

You may tell me that this is OT for this list, but the pure-ftpd mailing list is as inactive as can be.

I installed Fedora 9 from the live-CD. Then, using System/Administration/Add-Remove Software, I installed pure-ftpd.

Here, all authentication uses pam-ldap, which works fine for login, ssh, ...

But with pure-ftpd it just does not work.

In LDAP I created a user called taxi, just to be flexible to change attributes.

[taxi@vidigal ~]$ id taxi
uid=1084(taxi) gid=1000(webdesign) groups=1000(webdesign)
[taxi@vidigal ~]$

When I do an ssh logon to taxi:

[myuser@rosetta ~]$ ssh taxi@vidigal
taxi@xxxxxxxxxxx's password:
Last login: Wed May 28 13:02:29 2008
[taxi@vidigal ~]$

That is: pam-ldap for user taxi works fine. User taxi also has a valid home directory on the ftp-server.

When, however, I do an ftp-login I get:

[myuser@rosetta ~]$ ftp vidigal.lan
Connected to vidigal.lan (192.168.97.17).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 11:39. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (vidigal.lan:cellino): taxi
331 User taxi OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


/etc/pam.d/pure-ftpd:
[taxi@vidigal ~]$ cat /etc/pam.d/pure-ftpd
#%PAM-1.0

# Sample PAM configuration file for Pure-FTPd.
# Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf

auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       include      system-auth
auth       required     pam_shells.so
auth       required     pam_nologin.so

account    include      system-auth

password   include      system-auth

session    include      system-auth

[taxi@vidigal ~]$


We do not use the /etc/ftpusers file so far; the file does not exist. So the first step in the auth sequence must succeed.

/etc/pam.d/system-auth:
[taxi@vidigal ~]$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
[taxi@vidigal ~]$


I checked to see if pure-ftpd does an LDAP request when I try to ftp-login: yes, it does, and it gets a positive reply from the LDAP server when doing the bind with the authentication parameters for taxi.

The login failure then must be caused by additional pam.d/pure-ftpd activities.

So I checked to see whether the shell of taxi (/bin/bash) is in /etc/shells. Yes, it is.
And there is no /etc/nologin file on the ftp-server.

Has anyone got an idea how I have to change the environment in order to make pure-ftpd accept PAM authentication?

Changing to another ftp-server is no option, because I need the virtual-ftp-accounts provided by pure-ftpd.

Thanks for any information

suomi

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
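
The following is an added example, not part of the original post and not Linux-PAM code: a simplified Python model of how the control flags in the two posted auth stacks combine. It covers only required, requisite, sufficient and include, follows the pam.d(5) description that a sufficient success inside an included file ends the whole stack, and takes every module result as an assumed input.

```python
# Simplified model of Linux-PAM control flags for the posted auth stacks.
# Module results are assumed inputs (constructed), not observations.
PURE_FTPD_AUTH = [                    # auth lines of /etc/pam.d/pure-ftpd
    ("required", "pam_listfile.so"),
    ("include", "system-auth"),
    ("required", "pam_shells.so"),
    ("required", "pam_nologin.so"),
]
SYSTEM_AUTH = [                       # auth lines of /etc/pam.d/system-auth
    ("required", "pam_env.so"),
    ("sufficient", "pam_unix.so"),
    ("requisite", "pam_succeed_if.so"),
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_deny.so"),
]
INCLUDES = {"system-auth": SYSTEM_AUTH}


def flatten(stack):
    """Splice included files into the parent stack, as 'include' does."""
    for control, name in stack:
        if control == "include":
            yield from flatten(INCLUDES[name])
        else:
            yield control, name


def evaluate(stack, results):
    """Return (granted, modules_called); unlisted modules succeed, pam_deny fails."""
    failed, called = False, []
    for control, module in flatten(stack):
        called.append(module)
        ok = results.get(module, module != "pam_deny.so")
        if control == "sufficient" and ok and not failed:
            return True, called       # 'done': the rest of the stack is skipped
        if control == "requisite" and not ok:
            return False, called      # 'die': fail immediately
        if control == "required" and not ok:
            failed = True             # remember the failure, keep going
    return not failed, called


if __name__ == "__main__":
    # Constructed scenarios for an LDAP-only account such as taxi.
    for label, results in [
        ("pam_ldap succeeds", {"pam_unix.so": False, "pam_ldap.so": True}),
        ("pam_ldap fails", {"pam_unix.so": False, "pam_ldap.so": False}),
    ]:
        granted, called = evaluate(PURE_FTPD_AUTH, results)
        print(f"{label}: granted={granted}, last module={called[-1]}")
```

In this model, when pam_unix.so fails and pam_ldap.so succeeds, the stack returns success at pam_ldap.so and pam_shells.so and pam_nologin.so are never called; they are reached only when pam_ldap.so also fails.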
