Mats Erik Andersson <[email protected]> writes: > Dear all, > > to my disappointment I observe that the present "ftpd/pam.c" > is strongly dependent on Linux-PAM, in fact is properly > working if and only if "pam_ftp.so" by Andrew G. Morgan is > deployed and used. This in turn depends on the macros > PAM_INCOMPLETE and PAM_CONV_AGAIN which only exist in > Lainux-PAM and which are taken from an Openpam Group > draft no. 8, by the very same A. G. Morgan. Exactly the > same code base is in use by the Debian package "linux-ftpd", > so it was clearly copied lazily into GNU Inetutils. > > The absence of "pam_ftp.so" will, due to the coding of separate > calls pam_user() and pam_pass() from "ftpd/ftpd.c", make it > impossible for non-anonymous user to get access to the FTP daemon. > > It is very disturbing to have this very non-portable code, > so I would like your view on the following suggestion: > > * Protect the present PAM code by a configuration setting, > only invoking it on systems with Linux-PAM. Probably > all Glibc architectures. > > * Develop a new PAM integration for "ftpd" that is usable on > BSD systems, i.e., FreeBSD, NetBSD, DragonFlyBSD, and on Solaris.
I prefer 2) if it doesn't have any significant disadvantages over the current code. /Simon
