Date: Thu, 14 Aug 2014 11:30:21 +0200
From: Rainer Duffner <rainer@ultra-secure.de>
To: freebsd-stable@freebsd.org
Subject: Question about PAM in FreeBSD 9.2+
Message-ID: <20140814113021.3d297996@suse3.ewadmin.local>

Hi,

I've got a pure-ftpd configuration that uses PAM and the following
configuration file in /etc/pam.d/pure-ftpd:

auth sufficient /usr/local/lib/pam_ldap.so
auth required pam_nologin.so
auth required pam_unix.so nullok
account required pam_permit.so
session required pam_permit.so

This has worked since FreeBSD 6 (or 5) until FreeBSD 9.1.

However, after upgrading to FreeBSD 9.2 (and 9.3 and probably 10), it
does not work anymore.

Mapping UIDs/GIDs from LDAP still works, but logging in via FTP does not
work anymore.

I tried a slightly different pam.d configuration, after studying the
handbook:

auth sufficient /usr/local/lib/pam_ldap.so debug
auth required pam_nologin.so
auth required pam_unix.so try_first_pass
account required pam_permit.so
account required /usr/local/lib/pam_ldap.so debug ignore_authinfo_unavail ignore_unknown_user
session required pam_permit.so

but this does not work, either.

Aug 14 11:21:29 mysrv pure-ftpd: (?@127.0.0.1) [DEBUG] Command [user][myuser]
Aug 14 11:21:37 mysrv pure-ftpd: (?@127.0.0.1) [DEBUG] Command [pass] [<*>]
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): calling pam_sm_authenticate() in /usr/local/lib/pam_ldap.so
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_user(): entering
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): entering: PAM_USER
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_user(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_data(): entering: 'PADL-LDAP-SESSION-DATA'
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_data(): returning PAM_NO_MODULE_DATA
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_data(): entering: 'PADL-LDAP-SESSION-DATA'
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_data(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): entering: PAM_AUTHTOK
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): entering: PAM_CONV
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_item(): entering: PAM_AUTHTOK
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_item(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): entering: PAM_AUTHTOK
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_item(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_data(): entering: 'PADL-LDAP-AUTH-DATA'
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_data(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_item(): entering: PAM_USER
Aug 14 11:21:37 mysrv pure-ftpd: in pam_set_item(): returning PAM_SUCCESS
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): /usr/local/lib/pam_ldap.so: pam_sm_authenticate(): success
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): calling pam_sm_setcred() in /usr/local/lib/pam_ldap.so
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): /usr/local/lib/pam_ldap.so: pam_sm_setcred(): success
Aug 14 11:21:45 mysrv pure-ftpd: (?@127.0.0.1) [DEBUG] Command [quit] []

What changed between FreeBSD 9.1 and FreeBSD 9.2?
How can I fix this?

Best Regards,
Rainer
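
A helper for reading an OpenPAM debug log like the one in the message above (an added example, not part of the original e-mail): it lists which PAM service functions openpam_dispatch() called, in which module, and with what result. The names summarize and facilities_seen are this example's own; the sample lines are the dispatch lines copied from the message.

```python
import re

# Lines copied from the debug log in the message above.
SAMPLE_LOG = """\
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): calling pam_sm_authenticate() in /usr/local/lib/pam_ldap.so
Aug 14 11:21:37 mysrv pure-ftpd: in pam_get_user(): entering
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): /usr/local/lib/pam_ldap.so: pam_sm_authenticate(): success
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): calling pam_sm_setcred() in /usr/local/lib/pam_ldap.so
Aug 14 11:21:37 mysrv pure-ftpd: in openpam_dispatch(): /usr/local/lib/pam_ldap.so: pam_sm_setcred(): success
"""

# Standard PAM service functions and the facility each one belongs to.
FACILITY = {
    "pam_sm_authenticate": "auth",
    "pam_sm_setcred": "auth",
    "pam_sm_acct_mgmt": "account",
    "pam_sm_open_session": "session",
    "pam_sm_close_session": "session",
    "pam_sm_chauthtok": "password",
}
CALL = re.compile(r"in openpam_dispatch\(\): calling (\w+)\(\) in (\S+)")
RESULT = re.compile(r"in openpam_dispatch\(\): (\S+): (\w+)\(\): (.+)$")
PENDING = "no result logged"


def summarize(log_text):
    """Return [(facility, module, function, result)] in dispatch order."""
    calls = []
    for line in log_text.splitlines():
        m = CALL.search(line)
        if m:
            func, module = m.groups()
            calls.append([FACILITY.get(func, "unknown"), module, func, PENDING])
            continue
        m = RESULT.search(line)
        if m:
            module, func, result = m.groups()
            # Attach the result to the most recent unanswered matching call.
            for call in reversed(calls):
                if call[1:] == [module, func, PENDING]:
                    call[3] = result.strip()
                    break
    return [tuple(c) for c in calls]


def facilities_seen(log_text):
    """Facilities for which at least one module was dispatched."""
    return sorted({c[0] for c in summarize(log_text)})


if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG), sep="\n")
    print("facilities dispatched:", facilities_seen(SAMPLE_LOG))
```

On the lines posted, this reports only auth-facility dispatches into pam_ldap.so, both returning success.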