Hi listers,
You may tell me that this is OT for this list, but the pure-ftpd mailing
list is as inactive as can be.

I installed Fedora 9 from the live-CD. Then, using
System/Administration/Add-Remove Software, I installed pure-ftpd.
Here, all authentication uses pam-ldap, which works fine for login, ssh, ...
But with pure-ftpd it just does not work.

In LDAP I created a user called taxi just to be flexible to change
attributes.
[taxi@vidigal ~]$ id taxi
uid=1084(taxi) gid=1000(webdesign) groups=1000(webdesign)
[taxi@vidigal ~]$
When I do an ssh logon to taxi:
[myuser@rosetta ~]$ ssh taxi@vidigal
taxi@xxxxxxxxxxx's password:
Last login: Wed May 28 13:02:29 2008
[taxi@vidigal ~]$
That is: pam-ldap for user taxi works fine. User taxi also has a valid
home-directory on the ftp-server.

When, however, I do an ftp-login I get:
[myuser@rosetta ~]$ ftp vidigal.lan
Connected to vidigal.lan (192.168.97.17).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 11:39. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (vidigal.lan:cellino): taxi
331 User taxi OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

/etc/pam.d/pure-ftpd:
[taxi@vidigal ~]$ cat /etc/pam.d/pure-ftpd
#%PAM-1.0
# Sample PAM configuration file for Pure-FTPd.
# Install it in /etc/pam.d/pure-ftpd or add to /etc/pam.conf
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth include system-auth
auth required pam_shells.so
auth required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
[taxi@vidigal ~]$
We do not use the /etc/ftpusers file so far; the file does not exist. So
the first step in the auth-sequence must succeed.

/etc/pam.d/system-auth:
[taxi@vidigal ~]$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
[taxi@vidigal ~]$

I checked to see if pure-ftpd does an LDAP request when I try to
ftp-login: yes, it does, and it gets a positive reply from the
LDAP server when doing the bind with the authentication parameters for
taxi.
The login failure then must be caused by additional pam.d/pure-ftpd
activities.
So I checked to see whether the shell of taxi (/bin/bash) is in
/etc/shells. Yes, it is.
And there is no /etc/nologin file on the ftp-server.

Has anyone got an idea how I have to change the environment in order to
make pure-ftpd accept PAM authentication?
Changing to another ftp-server is no option, because I need the
virtual-ftp-accounts provided by pure-ftpd.

Thanks for any information
suomi
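
Added example (not part of the original post, and not pure-ftpd or Linux-PAM code): a small Python model of how Linux-PAM walks the auth stack posted above, with include lines expanded in place and the simple control flags required, requisite and sufficient applied. The per-module outcomes for taxi are assumptions taken from what the post reports (pam_unix.so is assumed to fail because taxi is an LDAP account); FILES, flatten, evaluate and TAXI are names made up for this sketch.

```python
# Added example: models Linux-PAM's simple control flags over an "auth" stack.
# FILES holds the auth lines from the post, with the wrapped line rejoined.
FILES = {
    "pure-ftpd": """\
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth include system-auth
auth required pam_shells.so
auth required pam_nologin.so
""",
    "system-auth": """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
""",
}

def flatten(service, kind="auth"):
    """Return [(control, module)] with 'include' lines expanded in place."""
    stack = []
    for line in FILES[service].splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != kind:
            continue                            # blank, comment or other type
        if parts[1] == "include":
            stack += flatten(parts[2], kind)    # included lines join the same stack
        else:
            stack.append((parts[1], parts[2]))
    return stack

def evaluate(stack, outcome):
    """outcome maps module -> True/False. Returns (granted, decided_by, never_run)."""
    failed = False
    for i, (control, module) in enumerate(stack):
        ok = outcome[module]
        rest = [m for _, m in stack[i + 1:]]
        if control == "requisite" and not ok:
            return False, module, rest          # fail immediately
        if control == "sufficient" and ok and not failed:
            return True, module, rest           # stop: remaining modules are skipped
        if control == "required" and not ok:
            failed = True                       # remember the failure, keep going
    return not failed, None, []

# Assumed outcomes for user taxi, based on what the post reports (not measured).
TAXI = {"pam_listfile.so": True, "pam_env.so": True, "pam_unix.so": False,
        "pam_succeed_if.so": True, "pam_ldap.so": True, "pam_deny.so": False,
        "pam_shells.so": True, "pam_nologin.so": True}

if __name__ == "__main__":
    print(evaluate(flatten("pure-ftpd"), TAXI))
```

With these outcomes the stack is decided at pam_ldap.so. Because include merges system-auth into the same stack, the sufficient success there ends evaluation, so pam_shells.so and pam_nologin.so are not run for this login.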