standard ftpd and PAM

Martin P. Hellwig mhellwig at
Fri Jan 21 09:48:11 PST 2005

Joerg Sonnenberger wrote:
On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:

So from this behaviour I think I could conclude that:
- ftpd recieves a logon request for a user
- pam gets a authentication request by ftpd
- pam looks up an entry for ftpd (can't find any) falls back to other 
(can't find that either, I commented both out) and says "no modules 
loaded for `ftpd' service"
- ftpd recieves an "auth_pam" Permission denied" by PAM
- ftpd falls back to "internal" mechanisme to resolve authentication.

Is the above a correct assumption?

Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
(b) local passwords (should be removed). I think it is mostly historic garbage,
which doesn't belong into the system anymore. It could be argued that even
the handling of anonymous FTP doesn't belong into ftpd anymore.

Is there any way to make pam itself be more verbose?

IIRC you could add verbosity settings for some of the modules, but RTFM.
I will read the fuzzy manpages ;-)

Is there an application (provided the above was correct) what doesn't 
use an internal fallback for authentication?

Most PAM users have no internal fallback support. But we don't have very much
PAM users in base anyway, and those do.

Thanks, this makes it alot easier to guess what the expected behaviour 
should be.


More information about the Users mailing list