Re: standard ftpd and PAM

["Martin P. Hellwig" <mhellwig@xxxxxxxxx>]

Joerg Sonnenberger wrote:
> On Fri, Jan 21, 2005 at 02:34:43PM +0100, Martin P. Hellwig wrote:
>
> > So from this behaviour I think I could conclude that:
> > - ftpd recieves a logon request for a user
> > - pam gets a authentication request by ftpd
> > - pam looks up an entry for ftpd (can't find any) falls back to other 
> > (can't find that either, I commented both out) and says "no modules 
> > loaded for `ftpd' service"
> > - ftpd recieves an "auth_pam" Permission denied" by PAM
> > - ftpd falls back to "internal" mechanisme to resolve authentication.
> >
> > Is the above a correct assumption?
>
>
> Yes. The "internal" mechanism is used to support (a) S/KEY (should be removed)
> (b) local passwords (should be removed). I think it is mostly historic garbage,
> which doesn't belong into the system anymore. It could be argued that even
> the handling of anonymous FTP doesn't belong into ftpd anymore.
>
>
> > Is there any way to make pam itself be more verbose?
>
>
> IIRC you could add verbosity settings for some of the modules, but RTFM.

I will read the fuzzy manpages ;-)

> > Is there an application (provided the above was correct) what doesn't 
> > use an internal fallback for authentication?
>
>
> Most PAM users have no internal fallback support. But we don't have very much
> PAM users in base anyway, and those do.
>
> Joerg

Thanks, this makes it alot easier to guess what the expected behaviour 
should be.

--
mph