
RE: [rhelv5-list] VSFTPd and LDAP

Coe, Colin C. (Unix Engineer)

2008-03-10


Hi Sam

I've been working on this but have not made much progress.

The following vsftpd PAM config lets me in, regardless of the password.
If I uncomment the 'auth include system-auth' line then no password will
let me in.

I'm trying for something in the middle i.e. the correct password will
let me in :)

#%PAM-1.0
session   optional   pam_keyinit.so   force revoke
auth     required   pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth     sufficient  pam_ldap.so use_first_pass
auth     required   pam_shells.so
auth     required   pam_nologin.so
#auth     include   system-auth
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so
account   include    system-auth
password  required   pam_cracklib.so
password  sufficient  pam_ldap.so use_authtok
session   include    system-auth
session   required   pam_loginuid.so

The following line gets logged in /var/log/secure:
Mar 11 12:15:29 server vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=localhost.localdomain user=user

Any ideas?

CC

________________________________

From: rhelv5-list-bounces@(protected) [mailto:rhelv5-list-bounces@(protected)
Sent: Thursday, 6 March 2008 8:49 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list; Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: RE: [rhelv5-list] VSFTPd and LDAP


> We've got a server running ProFTPd that uses an OpenLDAP server
> for authentication. I want to migrate this over to EL5 and VSFTPd.
> I've googled and found many references to getting VSFTPd to work
> with LDAP via PAM but the problem is that the system itself *must
> not* use LDAP for non-FTP logins.

I don't see why this is a problem. If you modify /etc/pam.d/vsftpd
to allow LDAP logins, but don't touch system-auth, then your system
can be not using PAM, while vsftpd happily is.

I do this for lots of services... (but not vsftpd)

--
Sam


NOTICE: This email and any attachments are confidential.
They may contain legally privileged information or
copyright material. You must not read, copy, use or
disclose them without authorisation. If you are not an
intended recipient, please contact us at once by return
email and then delete both messages and all attachments.


_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list
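Added illustration, not part of the thread: a small Python model of how Linux-PAM walks an auth stack, run over the auth lines from the post, over the same lines with system-auth included, and over an assumed vsftpd-only stack in which pam_ldap is required and prompts for the password itself. Module behaviour is simplified, the LDAP directory, local shadow entries, uid table and deny list are constructed, and the system-auth lines are the RHEL 5 authconfig defaults as assumed here, not lines taken from the post.

```python
"""Simplified model of Linux-PAM 'auth' stack evaluation (added example).

Control flags follow pam.conf(5): a failing 'required' module is remembered
but the stack continues; 'requisite' failure ends the stack at once; a
'sufficient' success ends the stack with success unless a required module
already failed, and a 'sufficient' failure is ignored.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed data (hypothetical, not from the post).
LDAP_DIRECTORY = {"user": "correct-horse-battery"}  # LDAP uid -> password
LOCAL_SHADOW = {"root": "local-root-pw"}              # accounts in /etc/shadow
LOCAL_UID = {"root": 0}                               # getpwnam() without nss_ldap
FTPUSERS_DENY = {"root", "bin", "daemon"}             # /etc/vsftpd/ftpusers


@dataclass
class Entry:
    control: str               # required | requisite | sufficient | optional
    module: str
    args: Tuple[str, ...] = ()


def run_module(e: Entry, user: str, password: str,
               authtok: Optional[str]) -> Tuple[str, Optional[str]]:
    """Return ('success' | 'fail', authtok).

    use_first_pass reuses the token an earlier module collected and fails when
    there is none; try_first_pass or no option prompts through the
    application's conversation, which vsftpd answers with the client password.
    """
    if e.module == "pam_listfile":                    # item=user sense=deny
        return ("fail" if user in FTPUSERS_DENY else "success"), authtok
    if e.module in ("pam_shells", "pam_nologin", "pam_env"):
        return "success", authtok                      # valid shell, no /etc/nologin
    if e.module == "pam_deny":
        return "fail", authtok
    if e.module == "pam_succeed_if":                   # uid >= 500 via local lookup
        uid = LOCAL_UID.get(user)
        return ("success" if uid is not None and uid >= 500 else "fail"), authtok
    if e.module in ("pam_ldap", "pam_unix"):
        if authtok is None:
            if "use_first_pass" in e.args:
                return "fail", None                    # nothing to reuse, no prompt
            authtok = password                         # prompt; vsftpd supplies it
        db = LDAP_DIRECTORY if e.module == "pam_ldap" else LOCAL_SHADOW
        return ("success" if db.get(user) == authtok else "fail"), authtok
    raise ValueError(f"unmodelled module {e.module}")


def evaluate(stack: List[Entry], user: str, password: str,
             trace: Optional[list] = None) -> str:
    """Outcome of one pam_authenticate() over the given stack."""
    authtok: Optional[str] = None
    outcome: Optional[str] = None          # first recorded result, as PAM keeps it
    for e in stack:
        result, authtok = run_module(e, user, password, authtok)
        if trace is not None:
            trace.append((e.control, e.module, result))
        if e.control == "required":
            if result == "fail" and outcome != "fail":
                outcome = "fail"                       # remembered, stack goes on
            elif outcome is None:
                outcome = "success"
        elif e.control == "requisite":
            if result == "fail":
                return "fail"                          # die immediately
            if outcome is None:
                outcome = "success"
        elif e.control == "sufficient":
            if result == "success" and outcome != "fail":
                return "success"                       # done: short-circuit
        elif e.control != "optional":                  # optional: ignored here
            raise ValueError(f"unknown control {e.control}")
    return outcome or "fail"


# The auth lines from the post, system-auth still commented out.
POSTED = [
    Entry("required", "pam_listfile", ("item=user", "sense=deny")),
    Entry("sufficient", "pam_ldap", ("use_first_pass",)),
    Entry("required", "pam_shells"),
    Entry("required", "pam_nologin"),
]
# Assumed RHEL 5 authconfig defaults pulled in by 'auth include system-auth'.
SYSTEM_AUTH = [
    Entry("required", "pam_env"),
    Entry("sufficient", "pam_unix", ("nullok", "try_first_pass")),
    Entry("requisite", "pam_succeed_if", ("uid", ">=", "500", "quiet")),
    Entry("required", "pam_deny"),
]
# Assumed vsftpd-only stack: a required module verifies the password and
# prompts for it itself; system-auth is left untouched.
PROPOSED = [
    Entry("required", "pam_listfile", ("item=user", "sense=deny")),
    Entry("required", "pam_ldap"),
    Entry("required", "pam_shells"),
    Entry("required", "pam_nologin"),
]

if __name__ == "__main__":
    for name, stack in (("posted", POSTED), ("posted+system-auth", POSTED + SYSTEM_AUTH),
                        ("proposed", PROPOSED)):
        for pw in ("wrong", LDAP_DIRECTORY["user"]):
            print(f"{name:20s} user/{pw:22s} -> {evaluate(stack, 'user', pw)}")
```

Run against the posted stack, evaluate returns success for any password: pam_ldap with use_first_pass has no token to reuse and fails, a failing sufficient module is skipped, and the required modules that remain only check the deny list, the shell and /etc/nologin. With system-auth included, the local-only lookups make the requisite or pam_deny line decisive for an account that exists only in LDAP, so no password gets through. The assumed stack keeps system-auth unchanged, as the earlier reply suggests, while making LDAP password verification mandatory for the FTP service alone.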