From: Novikov Yuriy <yurik@opencom.ru>
To: Sysadmins@lists.altlinux.org
Subject: [Sysadmins] vsftpd pam-mysql problem
Date: Fri, 11 Dec 2009 11:04:55 +0300
Message-ID: <4B21FD27.7030106@opencom.ru> (raw)
Добрый день,
поиск и гугление не к чему не привели,
Столкнулся с проблемой авторизации vsftpd через mysql
создал базу, дал права пользователю vsftpd
написал конфиг:
Код:
anonymous_enable=NO
local_enable=YES
check_shell=NO
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
#secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_enable=YES
guest_username=vsftpd
local_root=/var/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
в /etc/pam.d/vsftpd
Код:
auth required pam_mysql.so user=vsftpd passwd=xxx host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2 verbose=1 debug=1
account required pam_mysql.so user=vsftpd passwd=xxx host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2 verbose=1 debug=1
проверял от разных пользователей в том числе от рута и с разными типами
шифрования и без...
результат один.
530 Login incorrect
привожу логи
Код:
Dec 11 09:52:16 alta xinetd[23494]: START: ftp pid=24927 from=xx.xx.xx.xx
Dec 11 09:52:16 alta vsftpd: pam_mysql - option verbose is set to "1"
Dec 11 09:52:16 alta vsftpd: pam_mysql - option debug is set to "1"
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_close_db() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_sm_authenticate() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_open_db() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_open_db() returning 0.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_check_passwd() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_format_string() called
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_quick_escape() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - SELECT pass FROM accounts WHERE username = 'testuser'
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_check_passwd() returning 6.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_sql_log() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_sql_log() returning 0.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_converse() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_sm_authenticate() returning 3.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_release_ctx() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_destroy_ctx() called.
Dec 11 09:52:17 alta vsftpd: pam_mysql - pam_mysql_close_db() called.
и /var/log/vsftpd.log
Код:
Fri Dec 11 09:54:37 2009 [pid 25008] CONNECT: Client "xxx"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", "220 (vsFTPd 2.0.6)"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP command: Client "xxx", "FEAT"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", "211-Features:"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " EPRT??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " EPSV??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " MDTM??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " PASV??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " REST STREAM??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " SIZE??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " TVFS??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", " UTF8??"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", "211 End"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP command: Client "xxx", "OPTS UTF8 ON"
Fri Dec 11 09:54:37 2009 [pid 25008] FTP response: Client "xxx", "200 Always in UTF8 mode."
Fri Dec 11 09:54:37 2009 [pid 25008] FTP command: Client "xxx", "USER testuser"
Fri Dec 11 09:54:37 2009 [pid 25008] [testuser] FTP response: Client "xxx", "331 Please specify the password."
Fri Dec 11 09:54:37 2009 [pid 25008] [testuser] FTP command: Client "xxx", "PASS <password>"
Fri Dec 11 09:54:38 2009 [pid 25007] [testuser] FAIL LOGIN: Client "xxx"
Fri Dec 11 09:54:39 2009 [pid 25008] [testuser] FTP response: Client "xxx", "530 Login incorrect."
Fri Dec 11 09:54:39 2009 [pid 25008] FTP command: Client "xxx", "PWD"
Fri Dec 11 09:54:39 2009 [pid 25008] FTP response: Client "xxx", "530 Please login with USER and PASS."
Хотелось бы услышать Ваши мнения на сей счёт.
next reply other threads:[~2009-12-11 8:04 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-11 8:04 Novikov Yuriy [this message]
2009-12-11 9:00 ` Anton Gorlov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B21FD27.7030106@opencom.ru \
--to=yurik@opencom.ru \
--cc=Sysadmins@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux sysadmins discussion
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
public-inbox-index sysadmins
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sysadmins
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git