Re: ftpd PAM
On Thu, Apr 21, 2005 at 05:24:53PM +0200, Ivan Voras wrote:
> Does stock ftpd know about PAM? I can't seem to log in via ftp with
> users that are on my LDAP server (but I can with a local user that's
> in /etc/passwd).

Yes, see /etc/pam.d/ftpd.

- Christian

--
Christian Brueffer [EMAIL PROTECTED] [EMAIL PROTECTED]
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

Re: ftpd PAM
On 4/21/05, Ivan Voras [EMAIL PROTECTED] wrote:
> Does stock ftpd know about PAM? I can't seem to log in via ftp with
> users that are on my LDAP server (but I can with a local user that's
> in /etc/passwd).

Which version of FreeBSD, and what does your PAM configuration for ftpd look like?

/etc/pam.conf- 5.x
/etc/pam.d/ftpd - 5.x+

Scot
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: ftpd PAM
Scot Hetzel wrote:
> Which version of FreeBSD, and what does your PAM configuration for
> ftpd look like?

Oh yes, thanks, I forgot not all services had pam_ldap line added when we switched to LDAP :) (it works now)

A related question: for some reasons, I want to allow FTP only from+to localhost. I know how to do it with firewalls, but wanted to experiment with hosts.allow. This is how the start of my hosts.allow looks like:

    # Start by allowing everything (this prevents the rest of the file
    # from working, so remove it when you need protection).
    # The rules here work on a First match wins basis.
    in.ftpd: LOCAL: allow
    in.ftpd: ALL: deny
    ALL : ALL : allow

I constructed the in.ftpd lines by looking at other examples and the man page, but it doesn't seem to work - I can login from another machine on the same network. All machines have proper (global) DNS entries so I don't think this should fall under the manual excerpt:

    LOCAL  Matches any host whose name does not contain a dot character.

... or does it?

RE: ftpd PAM
On Thursday, April 21, 2005 5:48 PM, Ivan Voras unleashed the infinite monkeys and produced:
> in.ftpd: LOCAL: allow
> in.ftpd: ALL: deny
> ALL : ALL : allow
>
> I constructed the in.ftpd lines by looking at other examples and the
> man page, but it doesn't seem to work - I can login from another
> machine on the same network. All machines have proper (global) DNS
> entries so I don't think this should fall under the manual excerpt:
>
> LOCAL  Matches any host whose name does not contain a dot character.

Which will include any host in the same domain (or at least anything where you can do host fred and get an IP back). Try:

    in.ftpd: 127.0.0.1: allow
    in.ftpd: ALL: deny

Instead

--
Rob | Oh my God! They killed init! You bastards!
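
Added example, not part of any message in the thread: a small Python model of first-match evaluation for the two rule sets quoted above, showing which clients each one admits. It covers only a subset of the hosts_access(5) client patterns; the function names, client names and addresses are constructed for illustration, and the process name is an input because a rule applies only when its daemon field matches the name the server runs under.

```python
import ipaddress

# Constructed copy of the rule order quoted in the thread (daemon : client : action).
RULES_LOCAL = [("in.ftpd", "LOCAL", "allow"),
               ("in.ftpd", "ALL", "deny"),
               ("ALL", "ALL", "allow")]
# The same file with the suggested replacement for the first rule.
RULES_LOOPBACK = [("in.ftpd", "127.0.0.1", "allow"),
                  ("in.ftpd", "ALL", "deny"),
                  ("ALL", "ALL", "allow")]

def client_matches(pattern, name, addr):
    """Subset of client patterns: ALL, LOCAL, .domain, exact name, exact address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        # LOCAL looks only at the resolved name: no dot means "local".
        return name is not None and "." not in name
    if pattern.startswith("."):
        return name is not None and name.lower().endswith(pattern.lower())
    try:
        return ipaddress.ip_address(pattern) == ipaddress.ip_address(addr)
    except ValueError:
        return name is not None and name.lower() == pattern.lower()

def decide(rules, process, name, addr):
    """Return (action, rule_index) of the first rule whose daemon and client match."""
    for i, (daemon, pattern, action) in enumerate(rules):
        if daemon in ("ALL", process) and client_matches(pattern, name, addr):
            return action, i
    return "allow", None  # no rule matched: access is granted

def audit(rules, process, clients):
    """Map each client name to the decision it gets under the rule list."""
    return {name: decide(rules, process, name, addr)[0] for name, addr in clients}

# Constructed clients: the name the resolver reported for the peer, and its address.
CLIENTS = [("localhost", "127.0.0.1"),
           ("fred", "192.0.2.10"),               # short name, e.g. from /etc/hosts
           ("fred.example.org", "192.0.2.10")]   # same peer reported as an FQDN

if __name__ == "__main__":
    for label, rules in (("LOCAL", RULES_LOCAL), ("127.0.0.1", RULES_LOOPBACK)):
        print(label, audit(rules, "in.ftpd", CLIENTS))
    # A process running under a different name skips both in.ftpd rules.
    print("ftpd", decide(RULES_LOCAL, "ftpd", "fred.example.org", "192.0.2.10"))
```

When auditing a real file, check both inputs the model takes: the name the resolver actually returns for the peer, and the process name the daemon field is compared against.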