* [Comm] ProFTP + PAM
@ 2008-09-11 6:27 Дегтярёв Дмитрий
0 siblings, 0 replies; only message in thread
From: Дегтярёв Дмитрий @ 2008-09-11 6:27 UTC (permalink / raw)
To: ALT Linux Community general discussions
[-- Attachment #1: Type: text/plain, Size: 6301 bytes --]
Добрый день!
На Linux машине есть много пользователей из AD. Теперь понадобилось
через FTP ходить в домашние каталоги.
ProFTP ни в какую не хочет использовать PAM.
# cat /etc/pam.d/proftpd
#%PAM-1.0
auth include system-auth-krb
auth required pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
account include system-auth-krb
password required pam_deny.so
session required pam_deny.so
Через system-auth-krb работают без проблем samba, login, ssh и др.
Модуль mod_auth_pam присутствует
# proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_dso.c
mod_auth_pam.c
mod_readme.c
mod_wrap.c
mod_df.c
mod_codeconv.c
mod_cap.c
mod_ctrls.c
В конфиге /etc/proftpd.conf:
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
Запускаю proftpd в отладочном режиме и вижу, что используется только
mod_auth_unix
server (196.233.150.123[196.233.150.123]) - connected - local :
192.168.0.1:2vasyaerver (196.233.150.123[196.233.150.123]) - connected -
remote : 196.233.150.123:37377
server (196.233.150.123[196.233.150.123]) - FTP session opened.
server - FS: using system lstat()
server - FS: using system lstat()
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'USER vasya' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD command
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command
'USER vasya' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'PASS (hidden)' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'PASS (hidden)' to mod_wrap
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"getpwnam" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - stashed module
'mod_auth_unix.c' for user 'vasya' in the authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"gid2name" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - using module
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"auth" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - ROOT PRIVS at
mod_auth_unix.c:423
server (196.233.150.123[196.233.150.123]) - RELINQUISH PRIVS at
mod_auth_unix.c:462
server (196.233.150.123[196.233.150.123]) - using module
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"check" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - USER vasya (Login failed):
Incorrect password.
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD_ERR
command 'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: delaying for
25362 usecs
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR
command 'PASS (hidden)' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR
command 'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'QUIT' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching CMD command
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command
'QUIT' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - emptying authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - FTP session closed.
Что не так?
[-- Attachment #2: ddv.vcf --]
[-- Type: text/x-vcard, Size: 1111 bytes --]
begin:vcard
fn;quoted-printable:=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9 =D0=94=D0=B5=D0=B3=D1=82=D1=8F=
=D1=80=D1=91=D0=B2
n;quoted-printable;quoted-printable:=D0=94=D0=B5=D0=B3=D1=82=D1=8F=D1=80=D1=91=D0=B2;=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9
org;quoted-printable:=D0=9E=D0=9E=D0=9E "=D0=9D=D0=95=D0=92=D0=9E=D0=94"
adr;quoted-printable;quoted-printable;quoted-printable;quoted-printable:;;=D0=9A=D0=BE=D0=BC=D1=81=D0=BE=D0=BC=D0=BE=D0=BB=D1=8C=D1=81=D0=BA=D0=B8=D0=
=B9 =D0=BF=D1=80=D0=BE=D1=81=D0=BF=D0=B5=D0=BA=D1=82 34, =D0=BE=D1=84=D0=B8=
=D1=81 519;=D0=9F=D0=B5=D1=80=D0=BC=D1=8C;=D0=9F=D0=B5=D1=80=D0=BC=D1=81=D0=BA=D0=B8=D0=B9 =D0=BA=D1=80=D0=B0=D0=B9=
;614000;=D0=A0=D0=BE=D1=81=D1=81=D0=B8=D0=B9=D1=81=D0=BA=D0=B0=D1=8F =D0=A4=D0=B5=
=D0=B4=D0=B5=D1=80=D0=B0=D1=86=D0=B8=D1=8F
email;internet:ddv@nevod.ru
title;quoted-printable:=D0=A1=D0=B8=D1=81=D1=82=D0=B5=D0=BC=D0=BD=D1=8B=D0=B9 =D0=B8=D0=BD=D1=82=
=D0=B5=D0=B3=D1=80=D0=B0=D1=82=D0=BE=D1=80
tel;work:+73422196960,+73422385309
tel;cell:+79082555386
x-mozilla-html:FALSE
url:www.nevod.ru
version:2.1
end:vcard
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-09-11 6:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-09-11 6:27 [Comm] ProFTP + PAM Дегтярёв Дмитрий
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git