2014-03-23 19:45 GMT-04:00  Dmitri Pal <d...@redhat.com>
> 2014-03-23 9:01 GMT+01:00 John Obaterspok <john.obaters...@gmail.com>:
> >
> > Hello,
> >
> > How do I get vsftpd login to work with an existing ticket?
> > I've added ftp as an identity service (ftp/ipaserver.my....@my.lan)
> > Is there anything else I need to do to allow ftp login to vsftpd?
> What ftp client and server are you using?
> Do you know whether they are actually supporting Kerberos?
> May be consider other tools like scp instead?

I'm using vsftpd with default settings in Fedora 20 + ftp client from
krb5-appl-clients. vsftpd is linked to pam, gssapi_krb5, and more.
/etc/pam.d/vsftpd looks like this:

session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny
file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth

 Perhaps I need to change something in the pam file in order to allow sso?

-- john

Freeipa-users mailing list

Reply via email to