Date:      05 Mar 2002 16:46:54 -0700
From:      John-David Childs <freebsd@nterprise.net>
To:        freebsd-questions@freebsd.org
Subject:   pw EXPIRE field not honored by FTP/PAM (again)?
Message-ID:  <1015372014.14115.188.camel@lohr>

PR bin/20952 seems to have reared its ugly head again.  I'm using
password *and* account expire on an FTP server...but neither the
standard ftpd NOR proftpd honor an expired account, even though
sshd/login do.

Relevant entries in /etc/pam.conf

# If the user can authenticate with S/Key, that's sufficient; allow
# clear password. Try kerberos, then try plain unix password.
login   auth    sufficient      pam_skey.so
login   auth    requisite       pam_cleartext_pass_ok.so
#login  auth    sufficient      pam_kerberosIV.so       try_first_pass

login   auth    required        pam_unix.so             try_first_pass

login   account required        pam_unix.so
login   password required       pam_permit.so
login   session required        pam_permit.so

# Same requirement for ftpd as login
ftpd    auth    sufficient      pam_skey.so
ftpd    auth    requisite       pam_cleartext_pass_ok.so
#ftpd   auth    sufficient      pam_kerberosIV.so       try_first_pass
ftpd    auth    required        pam_unix.so             try_first_pass

THE NEXT THREE LINES are the only diff to /etc/pam.conf version 1.6.2.13
(RELENG_4 and RELEASE-4-5-0).  I was trying to set ftpd up *exactly* as
login.  I've tried with and without these lines:

ftpd    account required        pam_unix.so
ftpd    password required       pam_permit.so
ftpd    session required        pam_permit.so

I've also tried adding "ftp" (in addition to "ftpd") lines in
/etc/pam.conf (for proftpd, even though the ports version changes
mod_pam.c to use "ftpd").

Here's the user I'm testing with:

taliacyn:/usr/local/libexec>pw usershow xfertest -P
Login Name: xfertest          #100          Group: users            #100
 Full Name: Xfertest
      Home: /home/xfertest                  Class: 
     Shell: /bin/sh                        Office: [None]
Work Phone: [None]                     Home Phone: [None]
Acc Expire: Tue Mar  5 2002 00:00:00   Pwd Expire: Mon Mar  4 2002 15:45:19

Before I submit a PR, I want to double-check with this list that I'm not
doing something wrong...and/or that someone else can verify this report.
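
An added example, not part of the original message and not FreeBSD code: a small audit over pam.conf-style and master.passwd(5)-style text that lists services with an auth stack but no account stack, and accounts whose password-change or account-expire time has passed. The sample data, the function names and the fallback to an "other" service are assumptions made for the example.

```python
import time

# Constructed sample data modelled on the message: ftpd has auth lines but its
# account line is commented out; xfertest's times are epoch values for the
# dates shown by pw, assuming the -0700 zone of the Date: header.
PAM_CONF = """\
login   auth    required        pam_unix.so    try_first_pass
login   account required        pam_unix.so
ftpd    auth    sufficient      pam_skey.so
ftpd    auth    required        pam_unix.so    try_first_pass
#ftpd   account required        pam_unix.so
"""
MASTER_PASSWD = """\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
xfertest:*:100:100::1015281919:1015311600:Xfertest:/home/xfertest:/bin/sh
"""
SENT = 1015372014  # 05 Mar 2002 16:46:54 -0700, the time the message was sent

def facilities(pam_conf):
    """Map service -> set of facilities with at least one active line."""
    out = {}
    for line in pam_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:  # service facility control module [args...]
            out.setdefault(fields[0], set()).add(fields[1])
    return out

def missing_account(pam_conf):
    """Services with auth but no account stack (assumes fallback to "other")."""
    fac = facilities(pam_conf)
    if "account" in fac.get("other", set()):
        return []
    return sorted(s for s, f in fac.items() if "auth" in f and "account" not in f)

def expired(master_passwd, now=None):
    """Return {user: [what expired]} from master.passwd(5)-format text."""
    now = time.time() if now is None else now
    out = {}
    for line in master_passwd.splitlines():
        f = line.split(":")
        if line.startswith("#") or len(f) != 10:
            continue
        # name:password:uid:gid:class:change:expire:gecos:home_dir:shell
        hits = [what for what, t in (("password", f[5]), ("account", f[6]))
                if t.isdigit() and 0 < int(t) <= now]
        if hits:
            out[f[0]] = hits
    return out
```

The script only inspects configuration and account data; the account stack is evaluated when the application calls pam_acct_mgmt(), which this check cannot observe.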
