standard ftpd and PAM

Joerg Sonnenberger joerg at britannica.bec.de
Fri Jan 21 08:01:13 PST 2005


On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:
> So from this behaviour I think I could conclude that:
> - ftpd recieves a logon request for a user
> - pam gets a authentication request by ftpd
> - pam looks up an entry for ftpd (can't find any) falls back to other 
> (can't find that either, I commented both out) and says "no modules 
> loaded for `ftpd' service"
> - ftpd recieves an "auth_pam" Permission denied" by PAM
> - ftpd falls back to "internal" mechanisme to resolve authentication.
> 
> Is the above a correct assumption?

Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
(b) local passwords (should be removed). I think it is mostly historic garbage,
which doesn't belong into the system anymore. It could be argued that even
the handling of anonymous FTP doesn't belong into ftpd anymore.

> Is there any way to make pam itself be more verbose?

IIRC you could add verbosity settings for some of the modules, but RTFM.

> Is there an application (provided the above was correct) what doesn't 
> use an internal fallback for authentication?

Most PAM users have no internal fallback support. But we don't have very much
PAM users in base anyway, and those do.

Joerg

> 
> -- 
> mph





More information about the Users mailing list