DragonFly users List (threaded) for 2005-01
Re: standard ftpd and PAM
On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:
> So from this behaviour I think I could conclude that:
> - ftpd recieves a logon request for a user
> - pam gets a authentication request by ftpd
> - pam looks up an entry for ftpd (can't find any) falls back to other
> (can't find that either, I commented both out) and says "no modules
> loaded for `ftpd' service"
> - ftpd recieves an "auth_pam" Permission denied" by PAM
> - ftpd falls back to "internal" mechanisme to resolve authentication.
> Is the above a correct assumption?
Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
(b) local passwords (should be removed). I think it is mostly historic garbage,
which doesn't belong into the system anymore. It could be argued that even
the handling of anonymous FTP doesn't belong into ftpd anymore.
> Is there any way to make pam itself be more verbose?
IIRC you could add verbosity settings for some of the modules, but RTFM.
> Is there an application (provided the above was correct) what doesn't
> use an internal fallback for authentication?
Most PAM users have no internal fallback support. But we don't have very much
PAM users in base anyway, and those do.