LinuxQuestions.org

quasidynamic 09-22-2005 05:16 AM

How to enable BOTH virtual & local vsftpd logins with PAM?
 
I am using vsftpd. I currently have a problem where I can use virtual logins OR local logins, but not BOTH concurrently. If I allow local logins to work, then I lose virtual login functionality, and vice versa. The reason for this is because of my PAM configs. I would love to know how to create a PAM config that would allow both types of logins...

Here is the PAM config which allows for LOCAL user logins:

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
------------------------------------------------------------------------------

and here is the PAM config which allows for my virtual users logins:

#%PAM-1.0
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
-------------------------------------------------------------------------------

I did try combining both configs into one, but then EVERY user fails authentication for the obvious reason that: A. if you are a local user, you will not be listed in the database containing virtual users, and B. if you are a virtual user, you will not have a LOCAL login account on the system.

HOW DO I SOLVE THIS?!?!

Thanks!

Devin

zoropio 07-26-2006 10:24 PM

Did you find a solution to this problem? I am having the same issues.

jamiebriant 07-24-2008 03:53 PM

I haven't actually tried it, but I imagine that changing the "required" to "sufficient" in each rule would be enough.

Jamie

karmabyte 08-12-2010 12:00 PM

This Worked
 
Can be done using the 'sufficient' keyword as Jamie suggested. So in the OP's case the configuration would be:

#%PAM-1.0
# Virtual Users
auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd_login
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd_login
# Local Users
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
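
The control-flag behaviour discussed in this thread, as an added example (not code from any poster and not Linux-PAM's own code): a simplified Python model of 'required' and 'sufficient', run against the all-'required' combination the original poster describes and the 'sufficient' configuration from the last post. The user names, passwords, deny-list entry and module outcomes are constructed assumptions.

```python
# Simplified model of Linux-PAM control flags; only 'required' and 'sufficient'
# are modeled. All users, passwords and deny-list entries are constructed samples.
VIRTUAL = {"vuser": "vpass"}                      # stands in for /etc/vsftpd_login
LOCAL = {"alice": "lpass", "root": "rootpass"}    # stands in for system-auth accounts
DENIED = {"root"}                                 # stands in for /etc/vsftpd.ftpusers
VIRTUAL_RULES = """
auth {c} /lib/security/pam_userdb.so db=/etc/vsftpd_login
account {c} /lib/security/pam_userdb.so db=/etc/vsftpd_login
"""
LOCAL_RULES = """
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
"""
ALL_REQUIRED = VIRTUAL_RULES.format(c="required") + LOCAL_RULES
SUFFICIENT_FIRST = VIRTUAL_RULES.format(c="sufficient") + LOCAL_RULES

def run_module(kind, module, user, password):
    """Return True if the modeled module succeeds for this user."""
    name = module.rsplit("/", 1)[-1]
    if name == "pam_userdb.so":
        return VIRTUAL.get(user) == password if kind == "auth" else user in VIRTUAL
    if name == "pam_listfile.so":      # sense=deny: fail when the user is listed
        return user not in DENIED
    if name == "pam_stack.so":         # service=system-auth
        return LOCAL.get(user) == password if kind == "auth" else user in LOCAL
    if name == "pam_shells.so":        # assumption: every local account has a valid shell
        return user in LOCAL
    raise ValueError(f"unmodeled module: {name}")

def evaluate(config, kind, user, password):
    """Evaluate one management group ('auth' or 'account') of a PAM config."""
    failed = succeeded = False
    rules = [l.split()[:3] for l in config.splitlines() if l.strip() and not l.startswith("#")]
    for ltype, control, module in rules:
        if ltype != kind:
            continue
        ok = run_module(kind, module, user, password)
        if control == "required":
            failed |= not ok           # failure is remembered, the stack continues
            succeeded |= ok
        elif control == "sufficient" and ok and not failed:
            return True                # short-circuit: later lines are never consulted
    return succeeded and not failed

def login(config, user, password):
    return all(evaluate(config, k, user, password) for k in ("auth", "account"))
```

Because 'sufficient' returns before the later lines run, the pam_listfile deny check is never consulted for a name that authenticates through pam_userdb; if the deny list should also cover virtual names, the pam_listfile line has to come before the 'sufficient' line.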


All times are GMT -5.