I am not sure I fully understand your indications so I paste the contents of the files: /etc/pam.d/vsftpd
> #%PAM-1.0 > session optional pam_keyinit.so force revoke > auth required pam_listfile.so item=user sense=deny > file=/etc/vsftpd/ftpusers onerr=succeed > auth required pam_shells.so > auth include system-auth > account include system-auth > session include system-auth > session required pam_loginuid.so /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth [success=done new_authtok_reqd=done ignore=ignore default=bad] > pam_krb5.so minimum_uid=500 > auth sufficient pam_unix.so nullok try_first_pass uid < 500 > auth requisite pam_succeed_if.so uid >= 500 quiet > auth required pam_deny.so > auth required pam_tally.so onerr=fail no_magic_root > account [success=done new_authtok_reqd=done ignore=ignore default=bad] > pam_krb5.so minimum_uid=500 > account required pam_unix.so uid < 500 > account sufficient pam_succeed_if.so uid < 500 quiet > account required pam_permit.so > account required pam_tally.so per_user deny=5 no_magic_root_reset > password requisite pam_cracklib.so try_first_pass retry=3 > password [success=done new_authtok_reqd=done ignore=ignore default=bad] > pam_krb5.so minimum_uid=500 > password sufficient pam_unix.so md5 shadow nullok try_first_pass > use_authtok remember=7 > password required pam_deny.so > session optional pam_keyinit.so revoke > session required pam_limits.so > session [success=1 default=ignore] pam_succeed_if.so service in crond > quiet use_uid > session optional pam_krb5.so minimum_uid=500 > session required pam_unix.so On Mon, May 20, 2013 at 6:46 PM, Russ Allbery <[email protected]> wrote: > Tiago Elvas <[email protected]> writes: > > > As for the SSH, could you tell me how to accomplish that? In my initial > > attempts I believe I tried to set ccache name and dir but without > > success. > > Which Kerberos PAM module are you using? > > > The ftp server is vsftpd. Does this help? > > vsftpd's source appears to do the right thing. Try adding debug to the > PAM options line for vsftpd and see what syslog says about what's > happening. You should see a pam_auth -> pam_setcred -> pam_open_session > sequence at the start and a pam_close_session at the end of the FTP > session. > > -- > Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
