[Bug 700611] New: pure-ftpd fails with pam
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c0 Summary: pure-ftpd fails with pam Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: All OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: wolfgang@rosenauer.org QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 I'm trying to configure pure-ftpd to use pam (and pam_ldap behind). In that setup pure-ftpd is started through xinet with the following config: service ftp { socket_type = stream server = /usr/sbin/pure-ftpd server_args = -E -A -l pam protocol = tcp user = root wait = no } So only changed server_args. Authentication always failed and I was thinking it was my ldap setup but in the end finally tried to use the default /etc/pam.d/pure-ftpd configuration and try a local system user. Actually it failed the same way. Logging is like this: pure-ftpd: PAM audit_log_acct_message() failed: Operation not permitted pure-ftpd: (?@localhost) [WARNING] Authentication failed for user [wolfgang] I tried some changes in the pam config but always failed the same way so I think it's more a fundamental issue in pure-ftpd. (I had the same setup working on an earlier openSUSE version) Also see this thread: http://lists.opensuse.org/opensuse/2011-06/msg00363.html Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c1 --- Comment #1 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2011-06-18 12:58:38 UTC --- Also tried latest pure-ftpd from OBS network now and still the same issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c Wolfgang Rosenauer <wolfgang@rosenauer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |mvyskocil@novell.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c2 --- Comment #2 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2011-06-18 13:59:51 UTC --- I also tried now to run pure-ftpd as standalone server basically with the default (non-public/only-private) configuration which is also using PAM. No success. Very same error. When I switch to unix auth it works. I can only conclude that PAM auth with pure-ftpd is completely broken at the moment. Also found this: http://forums.opensuse.org/english/get-technical-help-here/network-internet/... Nobody seems to get PAM to work. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c3 Michal Vyskocil <mvyskocil@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED Severity|Normal |Major --- Comment #3 from Michal Vyskocil <mvyskocil@novell.com> 2011-06-20 12:40:42 UTC --- Reproduced - it seems the pure-ftpd + pam integration is broken. As a workaround I can recommend you vsftpd, it works with pam + chroot. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c4 --- Comment #4 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2011-06-20 12:43:21 UTC --- Thanks, my usecase was to use LDAP and as pure-ftpd has an ldap auth backend meanwhile and I got it working I got my workaround. Still it remains a major issue as you've recognized ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c5 --- Comment #5 from Michal Vyskocil <mvyskocil@novell.com> 2011-06-21 13:11:54 UTC --- So the problem is that pam_authenticate resurns PAM_SYS_ERROR - I found more similar bugs like this one. After some gdbing the most probable reason is pure-ftp change the uid or gid before pam conversation. I'll try to prepare a fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c6 --- Comment #6 from Michal Vyskocil <mvyskocil@novell.com> 2011-06-21 13:12:23 UTC --- JFI: the list of bugs https://bugzilla.novell.com/buglist.cgi?query_format=advanced&bug_status=UNC... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c7 --- Comment #7 from Michal Vyskocil <mvyskocil@novell.com> 2011-06-21 14:19:23 UTC --- Well, going through the internet it seems the most obvious reason is the missing CAP_AUDIT_WRITE capability (like proftpd bug 3257). I tested it and that's the reason. I will submit a fix tomorrow. http://bugs.proftpd.org/show_bug.cgi?id=3257 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c8 --- Comment #8 from Michal Vyskocil <mvyskocil@novell.com> 2011-06-22 08:32:35 UTC --- Submitted a fix into network/pure-ftpd - please test if you wish. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c9 --- Comment #9 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2011-06-22 09:17:46 UTC --- I can confirm that my previous setup through pam -> pam_ldap works again with the fixed package. (I'll stay with direct ldap support now though ;-)) I'd recommend a maintenance update for 11.4 as this is the default configuration and broken on every system. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c12 Michal Vyskocil <mvyskocil@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #12 from Michal Vyskocil <mvyskocil@novell.com> 2011-06-22 13:49:38 UTC --- Submitted fix sle-10-sp3: 13057 sle-11: 13058 11.3: 74313 11.4: 74315 factory: 74316 NOTE: now is upstream https://github.com/jedisct1/pure-ftpd/commit/ac36eb8dd05506b0ffdd78e2f2e85a7... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c14 --- Comment #14 from Bernhard Wiedemann <bwiedemann@novell.com> 2011-06-22 23:00:24 CEST --- This is an autogenerated message for OBS integration: This bug (700611) was mentioned in https://build.opensuse.org/request/show/74313 11.3 / pure-ftpd https://build.opensuse.org/request/show/74315 11.4 / pure-ftpd https://build.opensuse.org/request/show/74316 Factory / pure-ftpd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c17 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:released:sle10-sp4:41 | |800 --- Comment #17 from Swamp Workflow Management <swamp@suse.com> 2011-06-24 17:54:08 UTC --- Update released for: pure-ftpd, pure-ftpd-debuginfo Products: SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle10-sp4:41 |maint:released:sle10-sp4:41 |800 |800 | |maint:released:sle10-sp3:41 | |801 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c18 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle10-sp4:41 |maint:released:sle10-sp4:41 |800 |800 |maint:released:sle10-sp3:41 |maint:released:11.3:41802 |801 |maint:released:11.4:41802 --- Comment #18 from Swamp Workflow Management <swamp@suse.de> 2011-07-04 19:55:21 UTC --- Update released for: pure-ftpd, pure-ftpd-debuginfo, pure-ftpd-debugsource Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=700611 https://bugzilla.novell.com/show_bug.cgi?id=700611#c19 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle10-sp4:41 |maint:released:sle10-sp4:41 |800 |800 |maint:released:11.3:41802 |maint:released:sle11-sp1:41 |maint:released:11.4:41802 |707 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> 2011-07-04 19:55:52 UTC --- Update released for: pure-ftpd, pure-ftpd-debuginfo, pure-ftpd-debugsource Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com