DragonFly BSD
DragonFly users List (threaded) for 2005-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: standard ftpd and PAM


From: Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date: Fri, 21 Jan 2005 16:59:19 +0100
Mail-followup-to: users@crater.dragonflybsd.org

On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:
> So from this behaviour I think I could conclude that:
> - ftpd recieves a logon request for a user
> - pam gets a authentication request by ftpd
> - pam looks up an entry for ftpd (can't find any) falls back to other 
> (can't find that either, I commented both out) and says "no modules 
> loaded for `ftpd' service"
> - ftpd recieves an "auth_pam" Permission denied" by PAM
> - ftpd falls back to "internal" mechanisme to resolve authentication.
> 
> Is the above a correct assumption?

Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
(b) local passwords (should be removed). I think it is mostly historic garbage,
which doesn't belong into the system anymore. It could be argued that even
the handling of anonymous FTP doesn't belong into ftpd anymore.

> Is there any way to make pam itself be more verbose?

IIRC you could add verbosity settings for some of the modules, but RTFM.

> Is there an application (provided the above was correct) what doesn't 
> use an internal fallback for authentication?

Most PAM users have no internal fallback support. But we don't have very much
PAM users in base anyway, and those do.

Joerg

> 
> -- 
> mph



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]