Hi. Sorry for the delay. I'm forwarding Marius' response to my original
posting. He solves all the problems. Summarizing: the best solution is
adding the following lines to proftpd.conf.
# Enable PAM
AuthPAM on
AuthPAMConfig proftpd
Reason: by default the "original" proftpd package chooses to look at
/etc/pam.d/ftpd instead of /etc/pam.d/proftpd, which is the SuSE
solution. The above lines fix the problem by pointing to the correct
location. I suppose it is also possible to indicate this at compile
time, so breaking the default behaviour.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To: RoMaN SoFt / LLFB!!
---------- Forwarded message ----------
From: RoMaN SoFt / LLFB!!
Date: Wed, 14 Feb 2001 18:46:27 +0100
Subject: [suse-security] Proftpd questions

Hi.
Hi!
I've compiled 1.2.0rc3 as follows:
# ./configure --with-modules=mod_linuxprivs
With that module I should get extra security (at least it is supposed to) :-))
I want to know if anybody has tested that module and whether or not it is stable. Is it worth the pain?
No, the module should be OK. It is tested on SuSE Linux and we always ship our proftpd's with mod_linuxprivs enabled. There was one autoconfig problem - and because of this also a security bug - about two years (?) ago, because the seteuid functionality changed in the glibc (2.0 -> 2.1 ?), but this was changed to match both before 1.2.0rc1.
2nd question: when I make ftp to my account I got these messages logged:
goliat:~ # tail -f /var/log/messages
Feb 14 18:37:23 goliat PAM-warn[3798]: service: ftp [on terminal: <unknown>]
Feb 14 18:37:23 goliat PAM-warn[3798]: user: (uid=0) -> roman [remote: ?nobody@roman]
Feb 14 18:37:23 goliat PAM-warn[3798]: service: ftp [on terminal: <unknown>]
Feb 14 18:37:23 goliat PAM-warn[3798]: user: (uid=0) -> roman [remote: ?nobody@roman]
Feb 14 18:37:23 goliat PAM-unix2[3798]: session started for user roman, service ftp
Feb 14 18:37:23 goliat proftpd[3798]: goliat.walhall (roman[192.168.0.247]) - USER roman: Login successful.
Feb 14 18:37:27 goliat proftpd[3798]: goliat.walhall (roman[192.168.0.247]) - FTP session closed.
I don't know why I am getting these PAM warnings. I didn't get them with SuSE's proftpd (rpm).
You have it / we ship a pam config (/etc/pam.d/proftpd). If you
compile original source, you have to set
AuthPAMConfig proftpd
in the /etc/proftpd.conf, or of course - copy /etc/pam.d/proftpd
to /etc/pam.d/ftp. We are changing the default name "ftp" (see
your messages above) to "proftpd", because we have more than one
ftp-daemon on our CDs.
See also http://www.suse.de/~mt/proftpd/ - there are RPMs for
i386 - official update RPMs for all archs will be available
in the next days...
Sorry for the delay - mea culpa, but I'm really busy with other
also very important things at the moment.
cu,
Marius Tomaschewski
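
An added example (not part of the original messages and not proftpd's own code): a shell check that reads AuthPAMConfig from a proftpd.conf and reports whether the matching service file exists in the PAM directory. It assumes the stock default service name "ftp" shown in the log and in the reply above; the function names and the demo files are hypothetical.

```shell
#!/bin/sh
# Print the PAM service name configured in a proftpd.conf (path in $1).
# Falls back to "ftp", the stock default named in the reply above (assumption).
pam_service_name() {
    # Commented-out directives never match because $1 then starts with '#'.
    name=$(awk 'tolower($1) == "authpamconfig" { n = $2 } END { print n }' "$1")
    printf '%s\n' "${name:-ftp}"
}

# Return 0 if the service file exists in the PAM directory, 1 if it does not.
# $1 = proftpd.conf path, $2 = PAM directory (default /etc/pam.d).
check_pam_service() {
    conf=$1
    pamdir=${2:-/etc/pam.d}
    svc=$(pam_service_name "$conf")
    if [ -f "$pamdir/$svc" ]; then
        echo "ok: service '$svc' -> $pamdir/$svc"
        return 0
    fi
    # Linux-PAM applies the "other" service when no file matches the name.
    echo "mismatch: $pamdir/$svc missing, PAM falls back to 'other'"
    # Suggest existing ftp-related service files as AuthPAMConfig values.
    for f in "$pamdir"/*ftp*; do
        if [ -f "$f" ]; then echo "  try: AuthPAMConfig ${f##*/}"; fi
    done
    return 1
}

# Constructed demo: a SuSE-style PAM directory and two sample configs.
demo() {
    d=$(mktemp -d)
    mkdir "$d/pam.d"
    : > "$d/pam.d/proftpd"
    : > "$d/pam.d/other"
    printf 'ServerName "test"\n' > "$d/stock.conf"
    printf '# Enable PAM\nAuthPAM on\nAuthPAMConfig proftpd\n' > "$d/fixed.conf"
    check_pam_service "$d/stock.conf" "$d/pam.d" || true   # reports mismatch
    check_pam_service "$d/fixed.conf" "$d/pam.d" || true   # reports ok
    rm -rf "$d"
}
demo
```

On a real host, call check_pam_service /etc/proftpd.conf after building from source and before exposing the daemon.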