Date: Wed, 20 Jun 2001 14:54:33 -0400 (EDT) From: Joe Clarke <marcus@marcuscom.com> To: "Dan Mahoney, System Admin" <danm@prime.gushi.org> Cc: <questions@FreeBSD.ORG>, <hackers@FreeBSD.ORG> Subject: Re: ProFTPd Message-ID: <20010620145354.N10696-100000@shumai.marcuscom.com> In-Reply-To: <Pine.BSF.4.21.0106201429200.36118-100000@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I've heard that PAM in 3.x is mostly broken, but this is what I use for ProFTPd in 4.3-RELEASE, and it works fine: ftp auth required pam_unix.so try_first_pass ftp account required pam_unix.so try_first_pass ftp session required pam_permit.so Joe Clarke On Wed, 20 Jun 2001, Dan Mahoney, System Admin wrote: > Hey, I am using proftpd 1.2.1, after a complete CVSup to 3.5-STABLE (this > is a production machine, going to 4 would cause way too many > headaches). Anyway, I get this classic error in my logs: > > Jun 20 14:24:02 prime proftpd[36049]: no modules loaded for `ftp' service > Jun 20 14:24:02 prime proftpd[36049]: prime.gushi.org (prime.gushi.org[127.0.0.1]) - PAM(danm): Permission denied. > Jun 20 14:24:02 prime proftpd[36049]: prime.gushi.org (prime.gushi.org[127.0.0.1]) - USER danm: Login successful. > > I've turned AuthPamAuthoritative off in proftpd.conf, but assuming I > hadn't, this FTPd would not work. > > I'd LIKE to use pam, as it allows me a bit more flexibility in doing this, > such as giving me an easy interface to one-time-passwords. If that's not > possible, how can I shut off all these stupid messages? > > > My /etc/pam.conf follows: > > # If the user can authenticate with S/Key, that's sufficient. > login auth sufficient pam_skey.so > > # Check skey.access to make sure it is OK to let the user type in > # a cleartext password. If not, then fail right here. > login auth requisite pam_cleartext_pass_ok.so > > # If you want KerberosIV authentication, uncomment the next line: > #login auth sufficient pam_kerberosIV.so > try_first_pass > > # Traditional getpwnam() authentication. > login auth required pam_unix.so > try_first_pass > > ftp auth required /usr/lib/pam_unix.so try_first_pass > ftp account required /usr/lib/pam_unix.so try_first_pass > ftp session required pam_unix.so try_first_pass > > # We've tried the above both ways, with and without path. > > other auth required pam_unix.so try_first_pass > other account required pam_unix.so try_first_pass > > Throw me a cc to this, as I'm not subscribed. > > -Dan > > -- > > "A mother can be an inspiration to her little son, change his thoughts, > his mind, his life, just with her gentle hum." > > -No Doubt, "Different People", from "Tragic Kingdom" > > > --------Dan Mahoney-------- > Techie, Sysadmin, WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144 AIM: LarpGM > Web: http://prime.gushi.org > finger danm@prime.gushi.org > for pgp public key and tel# > --------------------------- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010620145354.N10696-100000>