Web Hosting Talk

PAM Authentication failure


ckevin
04-09-2002, 09:12 AM
In my log file:

Security Violations
=-=-=-=-=-=-=-=-=-=
Apr 9 08:51:10 server proftpd[32029]: server.abc.com (1.1.1.1[1.1.1.1]) - PAM(user_A): Authentication failure.

Apr 9 08:51:10 server proftpd[32029]: server.abc.com (1.1.1.1[1.1.1.1]) - USER user_A: Login successful.

* 1.1.1.1 : Real IP
** My server : server.abc.com

I wonder why my log file stated PAM Authentication failure while the user actually has the correct password and can log in successfully. What's the problem behind this?

Thanks in advance.

priyadi
04-09-2002, 11:11 AM
Originally posted by ckevin

* 1.1.1.1 : Real IP
** My server : server.abc.com

I wonder why my log file stated PAM Authentication failure while the user actually has the correct password and can log in successfully. What's the problem behind this?

Thanks in advance.

I think it is caused by multiple authentication modules being in effect, like when you are using LDAP or YP/NIS authentication as well as plain UNIX /etc/passwd authentication. One module probably has failed to authenticate the user, but another module has successfully authenticated the user.

All of this is only my guess, of course.

ckevin
04-09-2002, 11:37 AM
priyadi, thanks for your analysis. If so, how can I fix the problem?

Thanks,

Kevin

allera
04-09-2002, 11:40 AM
Recompile without PAM support:

--disable-pam

Or if you're using FreeBSD ports:

make install WITHOUT_PAM=yes
make clean

ckevin
04-09-2002, 12:17 PM
I'm using RH7.2, so recompile what? Actually, how can I know what Authentication method the server is using?

PAM is not a good authentication method? So we choose others and disable-pam? Sorry, but I'm not familiar with this :(

allera
04-09-2002, 02:12 PM
I have no idea what to do about RPMs -- I don't use them.

PAM is just another authentication method. If you don't use it, you don't need proftpd to support it (unless you plan to use it later).

Your proftpd authentication is working fine -- it's just trying to use PAM too. Disable PAM on proftpd and that PAM error will go away while your ftp connections still go through.

Wish I could be of more help. :(

protector330
04-09-2002, 03:09 PM
hi :)

I had exactly the same problem. You should use PAM because it's the most secure (at least this is what lots of sites say).

To fix that problem you have to follow these 2 steps:

1) Open your proftpd.conf file and add the following stuff inside the GLOBAL section:

AuthPAM on
AuthPAMConfig anamewhateveryouwant
AuthPAMAuthoritative on


2) You have to add a new PAM service for "anamewhateveryouwant". You will find the howtos in http://www.proftpd.org/docs/faq/proftpdfaq.html and, depending on which OS you are using, you will have to add some lines to the PAM configuration....


hope it helps :)

priyadi
04-09-2002, 03:50 PM
What's inside your /etc/pam.d/ftp (or ftpd)? If there are multiple auth entries, comment out all auth entries other than pwdb (or unix). Some installations put things like PAMified /etc/ftpusers support in it; however, I believe proftpd can handle this internally.

ckevin
04-09-2002, 10:26 PM
protector, I agree PAM is more secure and thank you for your detailed instructions, I will try it out later :)

Also thanks allera and priyadi!

Kevin
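
An added example, not part of the original thread: a Python triage of the log pair from the first post. It groups proftpd lines by session so that a PAM failure followed by a successful login (the fallthrough case discussed above) is separated from sessions where the login never succeeded. Using the PID as the session key, the verdict names and the second sample session are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines are the ones quoted in the thread,
# the user_B session is invented for illustration.
SAMPLE_LOG = """\
Apr 9 08:51:10 server proftpd[32029]: server.abc.com (1.1.1.1[1.1.1.1]) - PAM(user_A): Authentication failure.
Apr 9 08:51:10 server proftpd[32029]: server.abc.com (1.1.1.1[1.1.1.1]) - USER user_A: Login successful.
Apr 9 08:52:41 server proftpd[32110]: server.abc.com (2.2.2.2[2.2.2.2]) - PAM(user_B): Authentication failure.
Apr 9 08:52:44 server proftpd[32110]: server.abc.com (2.2.2.2[2.2.2.2]) - PAM(user_B): Authentication failure.
"""

# Matches only the two message formats that appear in the thread.
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\sproftpd\[(?P<pid>\d+)\]:\s\S+\s"
    r"\([^\[\s]+\[(?P<ip>[^\]]+)\]\)\s-\s"
    r"(?:PAM\((?P<pam_user>[^)]+)\):\sAuthentication failure\."
    r"|USER\s(?P<ok_user>[^:]+):\sLogin successful\.)"
)

def triage(log_text):
    """Return {(pid, user, ip): verdict} for each session with a PAM failure."""
    # Assumption: one proftpd PID is one FTP session (no PID reuse in the log).
    sessions = defaultdict(lambda: {"fails": 0, "ok": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        user = m["pam_user"] or m["ok_user"]
        session = sessions[(m["pid"], user, m["ip"])]
        if m["pam_user"]:
            session["fails"] += 1
        else:
            session["ok"] = True
    verdicts = {}
    for key, s in sessions.items():
        if s["fails"] == 0:
            continue  # clean login, nothing to triage
        if not s["ok"]:
            verdicts[key] = "failed-login"  # no module accepted the password
        elif s["fails"] == 1:
            verdicts[key] = "module-fallthrough"  # the pattern from the first post
        else:
            verdicts[key] = "repeated-failures-then-success"  # several tries, review
    return verdicts

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE_LOG).items():
        print(key, verdict)
```

Sessions marked failed-login or repeated-failures-then-success are the ones to review; module-fallthrough entries are the noise the thread is about.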