Gentoo Forums
Problem with proftpd and PAM
Ti_Uhl
n00b

Joined: 28 Nov 2002
Posts: 6
Location: Belgium

Posted: Fri Dec 06, 2002 2:19 pm    Post subject: Problem with proftpd and PAM

Hello,

When I try to log in to my proftpd server it keeps saying login failed. I use pam to log in and I know that the passwords and login names are correct.....

Code:
#%PAM-1.0
auth   required   pam_pwdb.so   nodelay shadow
account   required   pam_pwdb.so
password   required   pam_pwdb.so   shadow nullok use_authtok
session   required   pam_pwdb.so


Thx anyway
474
l33t

Joined: 19 Apr 2002
Posts: 714

Posted: Sat Dec 07, 2002 8:54 pm

Have you checked any log files? Are your config files in /etc merged in and up-to-date? I just checked my proftpd.conf file and noticed that I had:
Code:
AuthPAM             off
AuthPAMConfig       ftp

which works. I tried enabling AuthPAM, restarted ProFTPD and it still worked. I'm using pam-0.75-r10 and proftpd-1.2.7_rc3. Here's my /etc/pam.d/ftp file:
Code:
#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so
frogger
n00b

Joined: 05 Dec 2002
Posts: 35

Posted: Sat Dec 07, 2002 9:26 pm

Although this doesn't answer your question... Do you REALLY need to be running ftp? The idea of sending passwords plain text just doesn't appeal to me.

Might I suggest using sftp instead (part of openssh)? Much better security.
474
l33t

Joined: 19 Apr 2002
Posts: 714

Posted: Sat Dec 07, 2002 9:52 pm

Quote:
Much better security.

Yes. But maybe it's not needed. He didn't say he was running an FTP server exposed over the Internet! You never know, maybe he's just using it for convenient transfers between a Windows box and his Linux box over a crossover Ethernet cable, instead of getting into the SMB hoopla or fussing over installing a Windows scp capable client. Don't get me wrong, I totally agree ;-) - but plain text authentication security issues aren't always of a massive precedence - depending on the user's requirements and setup. Nevertheless, I resolutely accept that it's always worth reminding people of the dangers of FTP and that I hadn't done so here.

Personally, I'm only using ProFTPD to experiment with and so that I can add it to my repertoire of sysadmin skills. I, for one, use SSH almost exclusively!
SirronD
Tux's lil' helper

Joined: 05 Jun 2002
Posts: 100
Location: Oakland, CA

Posted: Fri Dec 20, 2002 1:16 am    Post subject: Had the same problem, here is how I fixed it

I recently updated from my old gentoo to the 1.4_rc1 (plus emerge updates).

I got around today to emerging proftpd, and on first use I had the same problem as you. I was using the same proftpd.conf as my old setup, so I thought everything would work the same but it did not.

I was able to get it working with the following updates of configuration.
/etc/pam.d/ftp
Code:

#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
auth       required     /lib/security/pam_shells.so

account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

Note: "auth required /lib/security/pam_shells.so" was previously commented out. I made the line active (removed the "#")

/etc/shells
Code:

# /etc/shells: valid login shells
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/shells,v 1.4 2002/11/18 19:39:22 azarah Exp $
/bin/sh
/bin/bash
/bin/tcsh
/bin/esh
/bin/ksh
/bin/zsh
/bin/sash
/bin/false

note: I added the line "/bin/false"

Then I restarted proftpd, and now it is working. Don't know why I needed to do this, as I did not have these configurations in my older gentoo system.

Hope this helps
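Added example, not part of any post in this thread: with the /etc/pam.d/ftp stack shown above, pam_listfile refuses any account listed in /etc/ftpusers, and pam_shells (once enabled) refuses any account whose shell is not a line in /etc/shells. The sketch below predicts which of the two would refuse a given account. The function name ftp_pam_verdict, the sample accounts and the temporary files are constructed for illustration, and treating an empty shell field as /bin/sh is an assumption.

```shell
#!/bin/sh
# Added diagnostic sketch, not code from the thread. For one account it reports
# which module of the /etc/pam.d/ftp stack would refuse it, whatever the password.

# ftp_pam_verdict USER PASSWD_FILE SHELLS_FILE FTPUSERS_FILE
# Prints one of: ok | no-such-user | denied:pam_listfile | denied:pam_shells
ftp_pam_verdict() {
    user=$1 passwd=$2 shells=$3 ftpusers=$4

    # passwd(5) layout: name:passwd:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    [ -n "$entry" ] || { echo "no-such-user"; return 1; }

    # pam_listfile item=user sense=deny: a listed user is refused.
    # onerr=succeed: an unreadable list file does not block the login.
    if [ -r "$ftpusers" ] && grep -Fxq -- "$user" "$ftpusers"; then
        echo "denied:pam_listfile"; return 1
    fi

    # pam_shells: the account's shell must appear as a line in the shells file.
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ -n "$shell" ] || shell=/bin/sh   # assumption: empty field is treated as /bin/sh
    if ! grep -Fxq -- "$shell" "$shells"; then
        echo "denied:pam_shells"; return 1
    fi
    echo "ok"
}

# Constructed sample data (not taken from any real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:21:21:ftp:/home/ftp:/bin/false
alice:x:1000:1000:alice:/home/alice:/bin/bash
EOF
printf '%s\n' root > "$demo_dir/ftpusers"
printf '%s\n' /bin/sh /bin/bash > "$demo_dir/shells.before"
printf '%s\n' /bin/sh /bin/bash /bin/false > "$demo_dir/shells.after"

for u in root ftp alice; do
    for s in before after; do
        v=$(ftp_pam_verdict "$u" "$demo_dir/passwd" "$demo_dir/shells.$s" "$demo_dir/ftpusers" || :)
        printf '%-6s shells.%-7s %s\n' "$u" "$s" "$v"
    done
done
```

On a real host, pass /etc/passwd, /etc/shells and /etc/ftpusers instead of the sample files; the password check done by pam_pwdb is outside what this covers.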