From owner-freebsd-questions Wed Jun 20 11:54:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from shumai.marcuscom.com (rdu26-228-058.nc.rr.com [66.26.228.58]) by hub.freebsd.org (Postfix) with ESMTP id BF55A37B403; Wed, 20 Jun 2001 11:54:37 -0700 (PDT) (envelope-from marcus@marcuscom.com) Received: from localhost (marcus@localhost) by shumai.marcuscom.com (8.11.3/8.11.3) with ESMTP id f5KIsXR27847; Wed, 20 Jun 2001 14:54:33 -0400 (EDT) (envelope-from marcus@marcuscom.com) X-Authentication-Warning: shumai.marcuscom.com: marcus owned process doing -bs Date: Wed, 20 Jun 2001 14:54:33 -0400 (EDT) From: Joe Clarke To: "Dan Mahoney, System Admin" Cc: , Subject: Re: ProFTPd In-Reply-To: Message-ID: <20010620145354.N10696-100000@shumai.marcuscom.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I've heard that PAM in 3.x is mostly broken, but this is what I use for ProFTPd in 4.3-RELEASE, and it works fine: ftp auth required pam_unix.so try_first_pass ftp account required pam_unix.so try_first_pass ftp session required pam_permit.so Joe Clarke On Wed, 20 Jun 2001, Dan Mahoney, System Admin wrote: > Hey, I am using proftpd 1.2.1, after a complete CVSup to 3.5-STABLE (this > is a production machine, going to 4 would cause way too many > headaches). Anyway, I get this classic error in my logs: > > Jun 20 14:24:02 prime proftpd[36049]: no modules loaded for `ftp' service > Jun 20 14:24:02 prime proftpd[36049]: prime.gushi.org (prime.gushi.org[127.0.0.1]) - PAM(danm): Permission denied. > Jun 20 14:24:02 prime proftpd[36049]: prime.gushi.org (prime.gushi.org[127.0.0.1]) - USER danm: Login successful. > > I've turned AuthPamAuthoritative off in proftpd.conf, but assuming I > hadn't, this FTPd would not work. > > I'd LIKE to use pam, as it allows me a bit more flexibility in doing this, > such as giving me an easy interface to one-time-passwords. If that's not > possible, how can I shut off all these stupid messages? > > > My /etc/pam.conf follows: > > # If the user can authenticate with S/Key, that's sufficient. > login auth sufficient pam_skey.so > > # Check skey.access to make sure it is OK to let the user type in > # a cleartext password. If not, then fail right here. > login auth requisite pam_cleartext_pass_ok.so > > # If you want KerberosIV authentication, uncomment the next line: > #login auth sufficient pam_kerberosIV.so > try_first_pass > > # Traditional getpwnam() authentication. > login auth required pam_unix.so > try_first_pass > > ftp auth required /usr/lib/pam_unix.so try_first_pass > ftp account required /usr/lib/pam_unix.so try_first_pass > ftp session required pam_unix.so try_first_pass > > # We've tried the above both ways, with and without path. > > other auth required pam_unix.so try_first_pass > other account required pam_unix.so try_first_pass > > Throw me a cc to this, as I'm not subscribed. > > -Dan > > -- > > "A mother can be an inspiration to her little son, change his thoughts, > his mind, his life, just with her gentle hum." > > -No Doubt, "Different People", from "Tragic Kingdom" > > > --------Dan Mahoney-------- > Techie, Sysadmin, WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144 AIM: LarpGM > Web: http://prime.gushi.org > finger danm@prime.gushi.org > for pgp public key and tel# > --------------------------- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message