From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ddv@nevod.ru>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.2.4
Message-ID: <48C8BA41.5020900@nevod.ru>
Date: Thu, 11 Sep 2008 12:27:13 +0600
From: =?UTF-8?B?0JTQtdCz0YLRj9GA0ZHQsiDQlNC80LjRgtGA0LjQuQ==?= <ddv@nevod.ru>
User-Agent: Thunderbird 2.0.0.14 (X11/20080508)
MIME-Version: 1.0
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Content-Type: multipart/mixed; boundary="------------020007060108080306080403"
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [Comm] ProFTP + PAM
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Community general discussions
	<community@lists.altlinux.org>
List-Id: ALT Linux Community general discussions <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2008 06:24:14 -0000
Archived-At: <http://lore.altlinux.org/community/48C8BA41.5020900@nevod.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

This is a multi-part message in MIME format.
--------------020007060108080306080403
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Добрый день!

На Linux машине есть много пользователей из AD. Теперь понадобилось 
через FTP ходить в домашние каталоги.

ProFTP ни в какую не хочет использовать PAM.

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth     include        system-auth-krb
auth     required       pam_listfile.so item=user sense=deny 
file=/etc/ftpusers onerr=succeed
auth     required       pam_shells.so
auth     required       pam_nologin.so
account  include        system-auth-krb
password required       pam_deny.so
session  required       pam_deny.so

Через system-auth-krb работают без проблем samba, login, ssh и др.

Модуль mod_auth_pam присутствует
# proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_dso.c
  mod_auth_pam.c
  mod_readme.c
  mod_wrap.c
  mod_df.c
  mod_codeconv.c
  mod_cap.c
  mod_ctrls.c


В конфиге /etc/proftpd.conf:
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c



Запускаю proftpd в отладочном режиме и вижу, что используется только 
mod_auth_unix
server (196.233.150.123[196.233.150.123]) - connected - local  : 
192.168.0.1:2vasyaerver (196.233.150.123[196.233.150.123]) - connected - 
remote : 196.233.150.123:37377
server (196.233.150.123[196.233.150.123]) - FTP session opened.
server - FS: using system lstat()
server - FS: using system lstat()
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD command 
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting 
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'USER vasya' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_wrap
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getpwnam" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - stashed module 
'mod_auth_unix.c' for user 'vasya' in the authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"gid2name" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"auth" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - ROOT PRIVS at 
mod_auth_unix.c:423
server (196.233.150.123[196.233.150.123]) - RELINQUISH PRIVS at 
mod_auth_unix.c:462
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"check" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - USER vasya (Login failed): 
Incorrect password.
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD_ERR 
command 'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting 
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: delaying for 
25362 usecs
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'QUIT' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - emptying authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - FTP session closed.

Что не так?

--------------020007060108080306080403
Content-Type: text/x-vcard; charset=utf-8;
 name="ddv.vcf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="ddv.vcf"

YmVnaW46dmNhcmQNCmZuO3F1b3RlZC1wcmludGFibGU6PUQwPTk0PUQwPUJDPUQwPUI4PUQx
PTgyPUQxPTgwPUQwPUI4PUQwPUI5ID1EMD05ND1EMD1CNT1EMD1CMz1EMT04Mj1EMT04Rj0N
Cgk9RDE9ODA9RDE9OTE9RDA9QjINCm47cXVvdGVkLXByaW50YWJsZTtxdW90ZWQtcHJpbnRh
YmxlOj1EMD05ND1EMD1CNT1EMD1CMz1EMT04Mj1EMT04Rj1EMT04MD1EMT05MT1EMD1CMjs9
RDA9OTQ9RDA9QkM9RDA9Qjg9RDE9ODI9RDE9ODA9RDA9Qjg9RDA9QjkNCm9yZztxdW90ZWQt
cHJpbnRhYmxlOj1EMD05RT1EMD05RT1EMD05RSAiPUQwPTlEPUQwPTk1PUQwPTkyPUQwPTlF
PUQwPTk0Ig0KYWRyO3F1b3RlZC1wcmludGFibGU7cXVvdGVkLXByaW50YWJsZTtxdW90ZWQt
cHJpbnRhYmxlO3F1b3RlZC1wcmludGFibGU6Ozs9RDA9OUE9RDA9QkU9RDA9QkM9RDE9ODE9
RDA9QkU9RDA9QkM9RDA9QkU9RDA9QkI9RDE9OEM9RDE9ODE9RDA9QkE9RDA9Qjg9RDA9DQoJ
PUI5ID1EMD1CRj1EMT04MD1EMD1CRT1EMT04MT1EMD1CRj1EMD1CNT1EMD1CQT1EMT04MiAz
NCwgPUQwPUJFPUQxPTg0PUQwPUI4PQ0KCT1EMT04MSA1MTk7PUQwPTlGPUQwPUI1PUQxPTgw
PUQwPUJDPUQxPThDOz1EMD05Rj1EMD1CNT1EMT04MD1EMD1CQz1EMT04MT1EMD1CQT1EMD1C
OD1EMD1COSA9RDA9QkE9RDE9ODA9RDA9QjA9RDA9Qjk9DQoJOzYxNDAwMDs9RDA9QTA9RDA9
QkU9RDE9ODE9RDE9ODE9RDA9Qjg9RDA9Qjk9RDE9ODE9RDA9QkE9RDA9QjA9RDE9OEYgPUQw
PUE0PUQwPUI1PQ0KCT1EMD1CND1EMD1CNT1EMT04MD1EMD1CMD1EMT04Nj1EMD1COD1EMT04
Rg0KZW1haWw7aW50ZXJuZXQ6ZGR2QG5ldm9kLnJ1DQp0aXRsZTtxdW90ZWQtcHJpbnRhYmxl
Oj1EMD1BMT1EMD1COD1EMT04MT1EMT04Mj1EMD1CNT1EMD1CQz1EMD1CRD1EMT04Qj1EMD1C
OSA9RDA9Qjg9RDA9QkQ9RDE9ODI9DQoJPUQwPUI1PUQwPUIzPUQxPTgwPUQwPUIwPUQxPTgy
PUQwPUJFPUQxPTgwDQp0ZWw7d29yazorNzM0MjIxOTY5NjAsKzczNDIyMzg1MzA5DQp0ZWw7
Y2VsbDorNzkwODI1NTUzODYNCngtbW96aWxsYS1odG1sOkZBTFNFDQp1cmw6d3d3Lm5ldm9k
LnJ1DQp2ZXJzaW9uOjIuMQ0KZW5kOnZjYXJkDQoNCg==
--------------020007060108080306080403--