Package: proftpd-basic
Version: 1.3.1-12
Severity: normal
Despite the patch authoritative_pam.dpatch PAM isn't authoritative. I've
uncommented the AuthOrder directive in proftpd.conf so that it reads
AuthOrder *mod_auth_pam.c mod_auth_unix.c
but one can still log in although PAM denies access.
According to README.PAM the line should read
AuthOrder mod_auth_pam.c* mod_auth_unix.c
with the asterisk behind the module name but that doesn't make any
difference.
Below is the relevant output:
$ proftpd -d 10 -c /etc/proftpd/proftpd.conf -n
- dispatching CMD command 'PASS (hidden)' to mod_auth
- retrieved group IDs: 1002, 29
- retrieved group names: john, audio
- retrieved UID 1002 for user 'john'
- ROOT PRIVS at mod_auth_pam.c:289
- PAM(john): Permission denied
- RELINQUISH PRIVS at mod_auth_pam.c:464
- ROOT PRIVS at mod_auth_unix.c:428
- user john authenticated by mod_auth_unix.c
Greetings,
Piotr
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.26-orbiter.x86-64.1 (PREEMPT)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages proftpd-basic depends on:
ii adduser 3.108 add and remove users and groups
ii debconf 1.5.23 Debian configuration management sy
ii debianutils 2.30 Miscellaneous utilities specific t
ii libacl1 2.2.47-2 Access control list shared library
ii libattr1 1:2.4.43-1 Extended attribute shared library
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libncurses5 5.6+20080713-1 shared libraries for terminal hand
ii libpam-runtime 1.0.1-1 Runtime support for the PAM librar
ii libpam0g 1.0.1-1 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8g-12 SSL shared libraries
ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra
ii netbase 4.33 Basic TCP/IP networking system
ii sed 4.1.5-8 The GNU sed stream editor
ii ucf 3.007 Update Configuration File: preserv
ii update-inetd 4.30 inetd configuration file updater
proftpd-basic recommends no packages.
Versions of packages proftpd-basic suggests:
ii openssl 0.9.8g-12 Secure Socket Layer (SSL) binary a
ii proftpd-doc 1.3.1-12 Versatile, virtual-hosting FTP dae
pn proftpd-mod-ldap none (no description available)
pn proftpd-mod-mysql none (no description available)
pn proftpd-mod-pgsql none (no description available)
-- debconf information:
* shared/proftpd/inetd_or_standalone: standalone