[Comm] ProFTP + PAM

Дегтярёв Дмитрий ddv at nevod.ru
Thu Sep 11 10:27:13 MSD 2008


Good afternoon!

There are many users from AD on a Linux machine. Now they need to
access their home directories over FTP.

ProFTP flatly refuses to use PAM.

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth     include        system-auth-krb
auth     required       pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth     required       pam_shells.so
auth     required       pam_nologin.so
account  include        system-auth-krb
password required       pam_deny.so
session  required       pam_deny.so

samba, login, ssh and others work through system-auth-krb without problems.

The mod_auth_pam module is present
# proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_dso.c
  mod_auth_pam.c
  mod_readme.c
  mod_wrap.c
  mod_df.c
  mod_codeconv.c
  mod_cap.c
  mod_ctrls.c


In the config /etc/proftpd.conf:
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c



I start proftpd in debug mode and see that only mod_auth_unix is used
server (196.233.150.123[196.233.150.123]) - connected - local  : 
192.168.0.1:2vasyaerver (196.233.150.123[196.233.150.123]) - connected - 
remote : 196.233.150.123:37377
server (196.233.150.123[196.233.150.123]) - FTP session opened.
server - FS: using system lstat()
server - FS: using system lstat()
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'USER vasya' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD command 
'USER vasya' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting 
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'USER vasya' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_wrap
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getgroups" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getpwnam" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - stashed module 
'mod_auth_unix.c' for user 'vasya' in the authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"gid2name" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"auth" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - ROOT PRIVS at 
mod_auth_unix.c:423
server (196.233.150.123[196.233.150.123]) - RELINQUISH PRIVS at 
mod_auth_unix.c:462
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"check" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - USER vasya (Login failed): 
Incorrect password.
server (196.233.150.123[196.233.150.123]) - dispatching POST_CMD_ERR 
command 'PASS (hidden)' to mod_delay
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: selecting 
median interval from 76 values
server (196.233.150.123[196.233.150.123]) - mod_delay/0.5: delaying for 
25362 usecs
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD_ERR 
command 'PASS (hidden)' to mod_auth
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_codeconv
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching PRE_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'QUIT' to mod_log
server (196.233.150.123[196.233.150.123]) - dispatching LOG_CMD command 
'QUIT' to mod_core
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endpwent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - emptying authcache
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"endgrent" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - FTP session closed.

What is wrong?
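
A way to check mechanically what the post observes, that the debug trace never dispatches an "auth" or "check" request to mod_auth_pam. This is an added example, not part of the original post; the function names are hypothetical, the sample is an excerpt of the trace above with its e-mail line wrapping kept, and the log name "mod_auth_pam" is assumed by analogy with "mod_auth_unix".

```python
import re
from collections import defaultdict

# Excerpt of the debug trace from the post, still wrapped as the mail client left it.
SAMPLE_TRACE = """\
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"getpwnam" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - stashed module 
'mod_auth_unix.c' for user 'vasya' in the authcache
server (196.233.150.123[196.233.150.123]) - using module 
'mod_auth_unix.c' from authcache to authenticate user 'vasya'
server (196.233.150.123[196.233.150.123]) - dispatching auth request 
"auth" to module mod_auth_unix
server (196.233.150.123[196.233.150.123]) - USER vasya (Login failed): 
Incorrect password.
"""

# Assumption: mod_auth_pam would be logged as "mod_auth_pam", like mod_auth_unix is.
DISPATCH = re.compile(r'dispatching auth request "(\w+)" to module (\w+)')
CACHED = re.compile(r"using module '(\w+)\.c' from authcache to authenticate user '([^']+)'")

def unwrap(trace):
    """Rejoin records split by mail wrapping; every record starts with 'server '."""
    records = []
    for line in trace.splitlines():
        if line.startswith("server ") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(trace):
    """Return (auth request -> modules that received it, user -> module from authcache)."""
    handlers, pinned = defaultdict(set), {}
    for rec in unwrap(trace):
        m = DISPATCH.search(rec)
        if m:
            handlers[m.group(1)].add(m.group(2))
        m = CACHED.search(rec)
        if m:
            pinned[m.group(2)] = m.group(1)
    return dict(handlers), pinned

def pam_consulted(trace):
    """True if an "auth" or "check" request was dispatched to mod_auth_pam."""
    handlers, _ = summarize(trace)
    return any("mod_auth_pam" in handlers.get(r, ()) for r in ("auth", "check"))
```

Feeding the full trace from the post to `summarize()` lists every auth request with the module that received it, and `pam_consulted()` tells whether a change to the configuration altered the dispatch.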