standard ftpd and PAM
joerg at britannica.bec.de
Fri Jan 21 08:01:13 PST 2005
On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:
> So from this behaviour I think I could conclude that:
> - ftpd recieves a logon request for a user
> - pam gets a authentication request by ftpd
> - pam looks up an entry for ftpd (can't find any) falls back to other
> (can't find that either, I commented both out) and says "no modules
> loaded for `ftpd' service"
> - ftpd recieves an "auth_pam" Permission denied" by PAM
> - ftpd falls back to "internal" mechanisme to resolve authentication.
> Is the above a correct assumption?
Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
(b) local passwords (should be removed). I think it is mostly historic garbage,
which doesn't belong into the system anymore. It could be argued that even
the handling of anonymous FTP doesn't belong into ftpd anymore.
> Is there any way to make pam itself be more verbose?
IIRC you could add verbosity settings for some of the modules, but RTFM.
> Is there an application (provided the above was correct) what doesn't
> use an internal fallback for authentication?
Most PAM users have no internal fallback support. But we don't have very much
PAM users in base anyway, and those do.
More information about the Users