On Tue, Apr 09, 2002 at 02:22:32PM +0200, Rogier Maas wrote:
#%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_unix.so auth required /lib/security/pam_shells.so account required /lib/security/pam_unix.so session required /lib/security/pam_unix.so none # debug or trace
Well, that looks like the default proftpd pam file. That's good.
I have no idea what these lines mean. What is 'item=', what does'sense=' do, what is done with the 'file=' parameter, etc.. All files mentioned here (in /lib/security) exist. I recently reinstalled pam and proftpd to see if that would work, but it doesn't..
The first line calls the pam listfile library to authenticate users that try to connect. If any of the "auth required" lines fails, the user will not be able to connect. The item, sense, file, and onerr are parms to the library that mean check the user ID in /etc/ftpusers and if there is a match, deny access. Look in /usr/share/doc/packages/pam for all the details of each library. I haven't had to configure an ftp server in a while so I don't know if the problem is with pam or proftpd. What version of pam do you have installed. Have you updated it with YOU? Here are the pam related packages I have installed: pam_devperm-2001.8.31-9 yast2-agent-pam-2.4.2-36 pam-devel-0.75-57 pam-0.75-166 I've had good luck with pam doing login and xdm access controls. Sorry I don't have any better information for you. Best Regards, Keith -- LPIC-2, MSCE, N+ I can C for miles and miles Got spam? Get SPASTIC http://spastic.sourceforge.net