Hi Sam
I've been working on this but have not made much progress.
The following vsftpd PAM config lets me in, regardless of the password.
If I uncomment the 'auth include system-auth' line then no password will
let me in.
I'm trying for something in the middle i.e. the correct password will
let me in :)
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth sufficient pam_ldap.so use_first_pass
auth required pam_shells.so
auth required pam_nologin.so
#auth include system-auth
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so
account include system-auth
password required pam_cracklib.so
password sufficient pam_ldap.so use_authtok
session include system-auth
session required pam_loginuid.so
The following line gets logged in /var/log/secure:
Mar 11 12:15:29 server vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=localhost.localdomain user=user
Any ideas?
CC
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharpe, Sam J
Sent: Thursday, 6 March 2008 8:49 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion
mailing-list; Red Hat Enterprise Linux 5 (Tikanga) discussion
mailing-list
Subject: RE: [rhelv5-list] VSFTPd and LDAP
> We've got a server running ProFTPd that uses an OpenLDAP server
> for authentication. I want to migrate this over to EL5 and VSFTPd.
> I've googled and found many references to getting VSFTPd to work
> with LDAP via PAM but the problem is that the system itself *must
> not* use LDAP for non-FTP logins.
I don't see why this is a problem. If you modify /etc/pam.d/vsftpd
to allow LDAP logins, but don't touch system-auth, then your system
can be not using PAM, while vsftpd happily is.
I do this for lots of services... (but not vsftpd)
--
Sam
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
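The auth lines of the /etc/pam.d/vsftpd stack quoted at the top of the thread, walked through a toy Linux-PAM control-flag evaluator. This is an example added to the archive, not code from the thread, vsftpd or Linux-PAM; the per-module outcomes are constructed, and the "hardened" stack that appends a required pam_deny.so line is an assumption about one standard way to stop a failed sufficient module from falling through to success.

```python
# Toy evaluator for Linux-PAM auth-stack control flags (required, requisite,
# sufficient). Added illustration, not vsftpd or Linux-PAM code: it shows why
# a stack whose only password check is a "sufficient" module can succeed
# when that module fails, because the remaining required modules never look
# at the password.

# Auth lines from the /etc/pam.d/vsftpd in the thread, plus a hardened variant
# ending in "auth required pam_deny.so" (assumed fix, not from the thread).
WEAK_AUTH_STACK = [
    ("required",   "pam_listfile.so"),
    ("sufficient", "pam_ldap.so"),
    ("required",   "pam_shells.so"),
    ("required",   "pam_nologin.so"),
]

HARDENED_AUTH_STACK = WEAK_AUTH_STACK + [("required", "pam_deny.so")]


def module_result(module, ldap_password_ok):
    """Constructed outcomes: only pam_ldap checks the password; pam_listfile,
    pam_shells and pam_nologin pass for an ordinary, non-denied user with a
    valid shell; pam_deny always fails."""
    if module == "pam_ldap.so":
        return ldap_password_ok
    return module != "pam_deny.so"


def evaluate(stack, ldap_password_ok):
    """Simplified Linux-PAM stack walk (PAM_IGNORE and [..] syntax omitted).
    required:   a failure is remembered and evaluation continues.
    requisite:  a failure returns immediately.
    sufficient: success ends the stack with success unless a required module
                already failed; a failure is simply ignored."""
    required_failed = False
    for control, module in stack:
        ok = module_result(module, ldap_password_ok)
        if control == "sufficient":
            if ok and not required_failed:
                return True
        elif control == "requisite":
            if not ok:
                return False
        elif control == "required":
            if not ok:
                required_failed = True
        else:
            raise ValueError(f"unsupported control flag {control!r}")
    return not required_failed


if __name__ == "__main__":
    for name, stack in (("weak", WEAK_AUTH_STACK), ("hardened", HARDENED_AUTH_STACK)):
        print(f"{name:8} good password -> {evaluate(stack, True)}, "
              f"bad password -> {evaluate(stack, False)}")
```

With the weak stack a wrong LDAP password still yields success, matching the "lets me in regardless of the password" symptom; the hardened stack only succeeds when pam_ldap does.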