How to enable BOTH virtual & local vsftpd logins with PAM?
I am using vsftpd. I currently have a problem where I can use virtual logins OR local logins, but not BOTH concurrently. If i allow local logins to work, then i lose virtual login functionality, and vise versa. The reason for this is becuase of my PAM configs. I would love to know how to create a PAM config that would allow both types of logins...
Here is the PAM config which allows for LOCAL user logins: #%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth ------------------------------------------------------------------------------ and here is the PAM config which allows for my virtual users logins: #%PAM-1.0 auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login account required /lib/security/pam_userdb.so db=/etc/vsftpd_login ------------------------------------------------------------------------------- I did try combining both configs into one, but then EVERY user fails authentication for the obvious reason that: A. if you are local user, you will not be listed in the database containing virtual users, and B. if you are a virtual user, you will not have a LOCAL login account on the system. HOW DO I SOLVE THIS?!?! Thanks! Devin |
Did you find a solution to this problem? As I am having the same issues
|
I haven't actually tried it, but I imagine that changing the "required" to "sufficient" in each rule would be enough.
Jamie |
This Worked
Can be done using the 'sufficient' keyword as jamie suggested. So in the OPs case the configuration would be
#%PAM-1.0 # Virtual Users auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd_login account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd_login # Local Users auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth |
All times are GMT -5. The time now is 04:30 AM. |