RE: PAM not playing nicely with vsftpd and

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Correct. I have to apologize for my short and totally incoherent response. I received the question at near midnight and know better than to respond to a fairly technical question right before retiring for the evening.

My assumption is that your /etc/pam.d/vsftpd matches /etc/pam.d/sshd line for line except the line for session triggering the module.

Does the user you are testing with have a valid shell directive within the /etc/passwd file? I.E. /bin/bash, /bin/sh etc?

And if so, does exist anywhere within the common includes for the /etc/pam.d/vsftpd file? I ask these questions due to this particular configuration

Can you add a debug directive to the line; i.e. 'session optional debug'? According to the documentation for at you can also add a log directive and monitor that during your tests.

Those should help you further diagnose the actual problem when it works for the sshd service.

From: pam-list-bounces@xxxxxxxxxx [pam-list-bounces@xxxxxxxxxx] on behalf of Jeffrey Starin [jeffschips@xxxxxxxxx]
Sent: Thursday, December 25, 2014 12:48 AM
To: Pluggable Authentication Modules
Subject: Re: PAM not playing nicely with vsftpd and

Okay. I need a bit more explanation. Glad to hear there might be hope but don't completely understand "always that directive to common session" .  I think you mean place the statement:

session    optional 

Inside the common session file?

If so what is the theory behind why that could work -- trying to teach myself the reasons why that could be a solution.

Thank you.

On Dec 25, 2014 2:24 AM, "Jason Gerfen" <jason.gerfen@xxxxxxxx> wrote:
You could always that directive to common-session and try. 

On Dec 24, 2014, at 11:01 PM, "Chip" <jeffschips@xxxxxxxxx> wrote:

I've researched this feature extensively and need help. PAM is a difficult authentication program for me to thoroughly understand although I'm learning.

Running Debian Wheezy.

Have pam setup to trigger off an email when users login using sshd -- that works fine.  No problem using this command in the /etc/pam.d/sshd file:

session    optional /usr/local/bin/

However, I need it to work with vsftpd and getting it to work with sshd was just a test.  However, I can't get it to work with vsftpd, the contents of /etc/pam.d/vsftpd are:

auth    required item=user sense=deny file=/etc/ftpusers _onerr_=succeed
@include common-account
@include common-session
@include common-auth
session    optional /usr/local/bin/

What am I missing here?  Is pam even designed to work with vsftpd?  Running the following command indicates it's hooked into vsftpd, but doesn't seem to want to play nicely with vsftpd.

$ ldd /{,usr/}{bin,sbin}/* | grep -B 5 libpam | grep '^/'

Pam-list mailing list

Pam-list mailing list
Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux