DragonFly BSD
DragonFly users List (threaded) for 2005-01

Re: standard ftpd and PAM


From: "Martin P. Hellwig" <mhellwig@xxxxxxxxx>
Date: Fri, 21 Jan 2005 14:34:43 +0100

Joerg Sonnenberger wrote:
On Thu, Jan 20, 2005 at 11:07:27PM +0100, Martin P. Hellwig wrote:

Martin P. Hellwig wrote:

Hello all,

I am lately fooling around with pam trying to understand it.
So my hypothesis was: when I enable ftp via inetd.conf and comment out all rules in /etc/pam.conf, I should not be able to log in.

By all I mean the ones regarding ftpd


I just wanted to ask that :) There's a fallback default called "other".

Joerg

I commented "other" too now, when I log in now (from my work) I get the following in syslog:

Jan 21 12:26:05 xinagnet ftpd[15290]: connection from 213.126.48.224.ip.onderwijs.casematelecom.nl (213.126.48.224)
Jan 21 12:26:10 xinagnet ftpd[15290]: no modules loaded for `ftpd' service
Jan 21 12:26:10 xinagnet kernel: Jan 21 12:26:10 xinagnet ftpd[15290]: no modules loaded for `ftpd' service
Jan 21 12:26:10 xinagnet ftpd[15290]: auth_pam: Permission denied
Jan 21 12:26:10 xinagnet kernel: Jan 21 12:26:10 xinagnet ftpd[15290]: auth_pam: Permission denied
Jan 21 12:26:10 xinagnet ftpd[15290]: FTP LOGIN FROM 213.126.48.224.ip.onderwijs.casematelecom.nl as martin


when I don't comment out the "other" I get:
Jan 21 12:41:48 xinagnet ftpd[15345]: connection from 213.126.48.224.ip.onderwijs.casematelecom.nl (213.126.48.224)
Jan 21 12:41:52 xinagnet ftpd[15345]: FTP LOGIN FROM 213.126.48.224.ip.onderwijs.casematelecom.nl as martin


++++++++++
So from this behaviour I think I could conclude that:
- ftpd receives a logon request for a user
- pam gets an authentication request by ftpd
- pam looks up an entry for ftpd (can't find any) falls back to other (can't find that either, I commented both out) and says "no modules loaded for `ftpd' service"
- ftpd receives an "auth_pam: Permission denied" from PAM
- ftpd falls back to an "internal" mechanism to resolve authentication.


Is the above a correct assumption?
Is there any way to make pam itself be more verbose?
Is there an application (provided the above was correct) that doesn't use an internal fallback for authentication?


--
mph
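
A log check for the pattern in the syslog excerpt above, as an added example that is not part of the original message: it flags any ftpd process that logs a PAM error and then logs an FTP LOGIN, and it ignores the kernel-prefixed echoes of the same lines. The sample lines are constructed in the same format; the host names, addresses and user name are placeholders.

```python
import re

# Constructed sample in the syslog format quoted in the message above
# (host names, user and addresses are placeholders; 192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
Jan 21 12:26:05 host1 ftpd[15290]: connection from client.example.net (192.0.2.10)
Jan 21 12:26:10 host1 ftpd[15290]: no modules loaded for `ftpd' service
Jan 21 12:26:10 host1 kernel: Jan 21 12:26:10 host1 ftpd[15290]: no modules loaded for `ftpd' service
Jan 21 12:26:10 host1 ftpd[15290]: auth_pam: Permission denied
Jan 21 12:26:10 host1 kernel: Jan 21 12:26:10 host1 ftpd[15290]: auth_pam: Permission denied
Jan 21 12:26:10 host1 ftpd[15290]: FTP LOGIN FROM client.example.net as alice
Jan 21 12:41:48 host1 ftpd[15345]: connection from client.example.net (192.0.2.10)
Jan 21 12:41:52 host1 ftpd[15345]: FTP LOGIN FROM client.example.net as alice
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\w+)(?:\[(\d+)\])?: (.*)$")
PAM_ERROR = re.compile(r"no modules loaded for|auth_pam: ")
LOGIN = re.compile(r"FTP LOGIN FROM (\S+) as (\S+)")

def parse(line):
    """Return (timestamp, pid, message) for an ftpd line, else None."""
    m = LINE.match(line)
    while m and m.group(3) == "kernel":   # unwrap "kernel: <original line>" echoes
        m = LINE.match(m.group(5))
    if not m or m.group(3) != "ftpd" or m.group(4) is None:
        return None
    return m.group(1), int(m.group(4)), m.group(5)

def logins_after_pam_error(text):
    """List logins accepted by an ftpd process that logged a PAM error first."""
    seen, pam_errors, findings = set(), {}, []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec in seen:    # skip other daemons and echoed duplicates
            continue
        seen.add(rec)
        ts, pid, msg = rec
        if msg.startswith("connection from"):
            pam_errors.pop(pid, None)     # new session; the pid may have been reused
        if PAM_ERROR.search(msg):
            pam_errors.setdefault(pid, []).append(msg)
        login = LOGIN.search(msg)
        if login and pid in pam_errors:
            findings.append({"time": ts, "pid": pid, "user": login.group(2),
                             "source": login.group(1), "pam_errors": pam_errors[pid]})
    return findings

if __name__ == "__main__":
    print(logins_after_pam_error(SAMPLE_LOG))
```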



