DragonFly BSD
DragonFly users List (threaded) for 2005-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: standard ftpd and PAM


From: "Martin P. Hellwig" <mhellwig@xxxxxxxxx>
Date: Fri, 21 Jan 2005 18:48:11 +0100

Joerg Sonnenberger wrote:
On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:

So from this behaviour I think I could conclude that:
- ftpd recieves a logon request for a user
- pam gets a authentication request by ftpd
- pam looks up an entry for ftpd (can't find any) falls back to other (can't find that either, I commented both out) and says "no modules loaded for `ftpd' service"
- ftpd recieves an "auth_pam" Permission denied" by PAM
- ftpd falls back to "internal" mechanisme to resolve authentication.


Is the above a correct assumption?


Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
(b) local passwords (should be removed). I think it is mostly historic garbage,
which doesn't belong into the system anymore. It could be argued that even
the handling of anonymous FTP doesn't belong into ftpd anymore.


Is there any way to make pam itself be more verbose?


IIRC you could add verbosity settings for some of the modules, but RTFM.

I will read the fuzzy manpages ;-)


Is there an application (provided the above was correct) what doesn't use an internal fallback for authentication?


Most PAM users have no internal fallback support. But we don't have very much
PAM users in base anyway, and those do.

Joerg


Thanks, this makes it alot easier to guess what the expected behaviour should be.


--
mph



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]