[Comm] ProFTP + PAM - Дегтярёв Дмитрий

ALT Linux Community general discussions
 help / color / mirror / Atom feed

From: "Дегтярёв Дмитрий" <ddv@nevod.ru>
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Subject: [Comm] ProFTP + PAM
Date: Thu, 11 Sep 2008 12:27:13 +0600
Message-ID: <48C8BA41.5020900@nevod.ru> (raw)

[-- Attachment #1: Type: text/plain, Size: 6301 bytes --]

Добрый день!

На Linux машине есть много пользователей из AD. Теперь понадобилось 
через FTP ходить в домашние каталоги.

ProFTP ни в какую не хочет использовать PAM.

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth     include        system-auth-krb
auth     required       pam_listfile.so item=user sense=deny 
file=/etc/ftpusers onerr=succeed
auth     required       pam_shells.so
auth     required       pam_nologin.so
account  include        system-auth-krb
password required       pam_deny.so
session  required       pam_deny.so

Через system-auth-krb работают без проблем samba, login, ssh и др.

Модуль mod_auth_pam присутствует
# proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_dso.c
  mod_auth_pam.c
  mod_readme.c
  mod_wrap.c
  mod_df.c
  mod_codeconv.c
  mod_cap.c
  mod_ctrls.c

В конфиге /etc/proftpd.conf:
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c

Запускаю proftpd в отладочном режиме и вижу, что используется только 
mod_auth_unix
server (196.233.150.123[196.233.150.123]) - connected - local  : 
192.168.0.1:2vasyaerver (196.233.150.123[196.233.150.123]) - connected - 
remote : 196.233.150.123:37377
server (196.233.150.123[196.233.150.123]) - FTP session opened.
server - FS: using system lstat()
server - FS: using system lstat()
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD command 
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting 
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'USER vasya' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_wrap
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getpwnam" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - stashed module 
'mod_auth_unix.c' for user 'vasya' in the authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"gid2name" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"auth" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - ROOT PRIVS at 
mod_auth_unix.c:423
server (196.233.150.123[196.233.150.123]) - RELINQUISH PRIVS at 
mod_auth_unix.c:462
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"check" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - USER vasya (Login failed): 
Incorrect password.
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD_ERR 
command 'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting 
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: delaying for 
25362 usecs
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'QUIT' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - emptying authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - FTP session closed.

Что не так?

[-- Attachment #2: ddv.vcf --]
[-- Type: text/x-vcard, Size: 1111 bytes --]

begin:vcard
fn;quoted-printable:=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9 =D0=94=D0=B5=D0=B3=D1=82=D1=8F=
	=D1=80=D1=91=D0=B2
n;quoted-printable;quoted-printable:=D0=94=D0=B5=D0=B3=D1=82=D1=8F=D1=80=D1=91=D0=B2;=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9
org;quoted-printable:=D0=9E=D0=9E=D0=9E "=D0=9D=D0=95=D0=92=D0=9E=D0=94"
adr;quoted-printable;quoted-printable;quoted-printable;quoted-printable:;;=D0=9A=D0=BE=D0=BC=D1=81=D0=BE=D0=BC=D0=BE=D0=BB=D1=8C=D1=81=D0=BA=D0=B8=D0=
	=B9 =D0=BF=D1=80=D0=BE=D1=81=D0=BF=D0=B5=D0=BA=D1=82 34, =D0=BE=D1=84=D0=B8=
	=D1=81 519;=D0=9F=D0=B5=D1=80=D0=BC=D1=8C;=D0=9F=D0=B5=D1=80=D0=BC=D1=81=D0=BA=D0=B8=D0=B9 =D0=BA=D1=80=D0=B0=D0=B9=
	;614000;=D0=A0=D0=BE=D1=81=D1=81=D0=B8=D0=B9=D1=81=D0=BA=D0=B0=D1=8F =D0=A4=D0=B5=
	=D0=B4=D0=B5=D1=80=D0=B0=D1=86=D0=B8=D1=8F
email;internet:ddv@nevod.ru
title;quoted-printable:=D0=A1=D0=B8=D1=81=D1=82=D0=B5=D0=BC=D0=BD=D1=8B=D0=B9 =D0=B8=D0=BD=D1=82=
	=D0=B5=D0=B3=D1=80=D0=B0=D1=82=D0=BE=D1=80
tel;work:+73422196960,+73422385309
tel;cell:+79082555386
x-mozilla-html:FALSE
url:www.nevod.ru
version:2.1
end:vcard

                 reply	other threads:[~2008-09-11  6:27 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48C8BA41.5020900@nevod.ru \
    --to=ddv@nevod.ru \
    --cc=community@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git