ProFTPD authentication weirdness

ProFTPD authentication weirdness

Post by Chris Harshm » Sat, 06 Oct 2001 02:48:27



We're running ProFTPD 1.2.1 on an internal server,
on RedHat 6.2 (all updates applied).  ProFTPD was
installed Stand-alone, from RPMs (we're not running
inetd).  No special configuration was done in PAM.

The problem is, once the daemon's up and running,
if a user is added to the system, that user will
be unable to login to ProFTPD until the daemon is
restarted (`/etc/rc.d/init.d/proftpd restart`).

Even with debugging set to level 5, this is all we
get in the logs:

Oct  4 10:26:27 betamax proftpd[11514]: betamax.sonypictures.com (localhost.loca
ldomain[127.0.0.1]) - FTP session opened.
Oct  4 10:26:32 betamax proftpd[11514]: betamax.sonypictures.com (localhost.loca
ldomain[127.0.0.1]) - PAM(USERNAME): Authentication failure.
Oct  4 10:26:34 betamax proftpd[11514]: betamax.sonypictures.com (localhost.loca
ldomain[127.0.0.1]) - FTP session closed.

Restart the server and connect again with the same username and
password, and everything works as expected.  (Actually, sending
the server a SIGHUP does the same thing.)

Is this normal behavior?

Thanks,
Chris

 
 
 

ProFTPD authentication weirdness

Post by Dean Thompso » Sat, 06 Oct 2001 15:30:41


Hi!,

Quote:> We're running ProFTPD 1.2.1 on an internal server,
> on RedHat 6.2 (all updates applied).  ProFTPD was
> installed Stand-alone, from RPMs (we're not running
> inetd).  No special configuration was done in PAM.

> The problem is, once the daemon's up and running,
> if a user is added to the system, that user will
> be unable to login to ProFTPD until the daemon is
> restarted (`/etc/rc.d/init.d/proftpd restart`).

> Even with debugging set to level 5, this is all we
> get in the logs:

> Oct  4 10:26:27 betamax proftpd[11514]: betamax.sonypictures.com (localhost.loca
> ldomain[127.0.0.1]) - FTP session opened.
> Oct  4 10:26:32 betamax proftpd[11514]: betamax.sonypictures.com (localhost.loca
> ldomain[127.0.0.1]) - PAM(USERNAME): Authentication failure.
> Oct  4 10:26:34 betamax proftpd[11514]: betamax.sonypictures.com (localhost.loca
> ldomain[127.0.0.1]) - FTP session closed.

> Restart the server and connect again with the same username and
> password, and everything works as expected.  (Actually, sending
> the server a SIGHUP does the same thing.)

> Is this normal behavior?

It is quite possible that ProFTPD is caching the user password file, in which
case this would be standard behaviour.  Are these users being added to the
overall system (with a login) or are they actually being installed as virtual
users to a virtual site that ProFTPD knows about.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 

1. Authentication bug in proftpd-1.2.2rc3 ?

I installed proftpd-1.2.2rc3 from source onto a test system, and
encountered something that looks like an authentication bug.

There is a directive "AuthUserFile" which you can use to set an 'alternate'
passwd-like file. However, when I use this no users get authenticated on
the system. In messages --  PAM(someusername): Authentication failure.

I have not changed my configuration file since 1.2.2rc2. But I even tried
the following (first line is supposed to fix exactly this sort of thing)

AuthPAMAuthoritative    off
AuthUserFile            /etc/passwd

Still doesn't work. Any ideas why this feature would appear to stop working
all of a sudden? Or is this a bug?

--
http://www.pc-tools.net/
DOS, Win32, Linux software

2. PLEASE READ !

3. proftpd authentication via nis

4. Price on C&C++ for Unix

5. Getting Proftpd to work with MySQL Authentication

6. Dosemu, Netware and Ethernet_II - Help!

7. PAM problems (in ProFTPD authentication)

8. Is deadlock possible?

9. Getting Proftpd to work with MySQL Authentication

10. LSeek Weirdness or My Weirdness?

11. SSH Remote access Always getting: Disconnected; authentication error (No further authentication methods available).

12. pppd: peer authentication required but no authentication files accessible ????????????

13. SCO Authentication vs LINUX Authentication