Package: proftpd-basic
Version: 1.3.1-12
Severity: normal

Despite the patch authoritative_pam.dpatch PAM isn't authoritative. I've
uncommented the AuthOrder directive in proftpd.conf so that it reads

AuthOrder                       *mod_auth_pam.c mod_auth_unix.c

but one can still log in although PAM denies access.

According to README.PAM the line should read

AuthOrder mod_auth_pam.c* mod_auth_unix.c

with the asterisk behind the module name but that doesn't make any
difference.

Below is the relevant output:

$ proftpd -d 10 -c /etc/proftpd/proftpd.conf -n
- dispatching CMD command 'PASS (hidden)' to mod_auth
- retrieved group IDs: 1002, 29
- retrieved group names: john, audio
- retrieved UID 1002 for user 'john'
- ROOT PRIVS at mod_auth_pam.c:289
- PAM(john): Permission denied
- RELINQUISH PRIVS at mod_auth_pam.c:464
- ROOT PRIVS at mod_auth_unix.c:428
- user john authenticated by mod_auth_unix.c


Greetings,
Piotr


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.26-orbiter.x86-64.1 (PREEMPT)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages proftpd-basic depends on:
ii  adduser                   3.108          add and remove users and groups
ii  debconf                   1.5.23         Debian configuration management sy
ii  debianutils               2.30           Miscellaneous utilities specific t
ii  libacl1                   2.2.47-2       Access control list shared library
ii  libattr1                  1:2.4.43-1     Extended attribute shared library
ii  libc6                     2.7-13         GNU C Library: Shared libraries
ii  libcap1                   1:1.10-14      support for getting/setting POSIX.
ii  libncurses5               5.6+20080713-1 shared libraries for terminal hand
ii  libpam-runtime            1.0.1-1        Runtime support for the PAM librar
ii  libpam0g                  1.0.1-1        Pluggable Authentication Modules l
ii  libssl0.9.8               0.9.8g-12      SSL shared libraries
ii  libwrap0                  7.6.q-16       Wietse Venema's TCP wrappers libra
ii  netbase                   4.33           Basic TCP/IP networking system
ii  sed                       4.1.5-8        The GNU sed stream editor
ii  ucf                       3.007          Update Configuration File: preserv
ii  update-inetd              4.30           inetd configuration file updater

proftpd-basic recommends no packages.

Versions of packages proftpd-basic suggests:
ii  openssl                       0.9.8g-12  Secure Socket Layer (SSL) binary a
ii  proftpd-doc                   1.3.1-12   Versatile, virtual-hosting FTP dae
pn  proftpd-mod-ldap              <none>     (no description available)
pn  proftpd-mod-mysql             <none>     (no description available)
pn  proftpd-mod-pgsql             <none>     (no description available)

-- debconf information:
* shared/proftpd/inetd_or_standalone: standalone
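
The sequence in the debug output above (PAM refuses the user, then mod_auth_unix.c authenticates the same user within one PASS attempt) can be checked for mechanically in `proftpd -d 10` output. The following Python is an added example, not part of the original report or of ProFTPD; the function name and the sample attempts for alice and bob are constructed, and it assumes every `PAM(user):` line reports a PAM failure.

```python
import re

# Line shapes taken from the debug output quoted in the report.
PASS_RE = re.compile(r"dispatching CMD command 'PASS \(hidden\)'")
PAM_DENY_RE = re.compile(r"PAM\((?P<user>[^)]+)\): (?P<reason>.+)$")
AUTH_OK_RE = re.compile(r"user (?P<user>\S+) authenticated by (?P<module>\S+)$")


def find_pam_bypasses(lines):
    """Return (user, pam_reason, module) for each login where PAM refused
    the user but another module accepted them in the same PASS attempt."""
    findings = []
    denied = {}  # user -> PAM reason, scoped to the current PASS attempt
    for raw in lines:
        line = raw.strip()
        if PASS_RE.search(line):
            denied = {}  # new login attempt: forget earlier denials
            continue
        m = PAM_DENY_RE.search(line)
        if m:
            denied[m["user"]] = m["reason"]
            continue
        m = AUTH_OK_RE.search(line)
        if m and m["user"] in denied and m["module"] != "mod_auth_pam.c":
            findings.append((m["user"], denied.pop(m["user"]), m["module"]))
    return findings


# First attempt is the output from the report; the alice and bob
# attempts are constructed for illustration.
SAMPLE = """\
- dispatching CMD command 'PASS (hidden)' to mod_auth
- retrieved UID 1002 for user 'john'
- ROOT PRIVS at mod_auth_pam.c:289
- PAM(john): Permission denied
- RELINQUISH PRIVS at mod_auth_pam.c:464
- ROOT PRIVS at mod_auth_unix.c:428
- user john authenticated by mod_auth_unix.c
- dispatching CMD command 'PASS (hidden)' to mod_auth
- PAM(alice): Permission denied
- dispatching CMD command 'PASS (hidden)' to mod_auth
- user bob authenticated by mod_auth_unix.c
""".splitlines()

if __name__ == "__main__":
    for user, reason, module in find_pam_bypasses(SAMPLE):
        print(f"{user}: PAM said '{reason}' but {module} authenticated the login")
```

An empty result after enabling the authoritative AuthOrder setting indicates that a PAM denial is no longer followed by a fallback authentication in the captured output.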


