pam support in pure-ftpd-1.0.16b is broken. Builds and merges OK, but non-anonymous users cannot log in.

Reproducible: Always
Steps to Reproduce:
1. update existing pure-ftpd to 1.0.16b via portage and binary package
2. restart pure-ftpd
3.

Actual Results:
anonymous users can connect and use service
users authenticated via pam cannot connect ...

Expected Results:
Let both types of users authenticate and use service

Portage 2.0.49-r13 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1, 2.4.20-gentoo-r7)
=================================================================
System uname: 2.4.20-gentoo-r7 i686 Pentium II (Deschutes)
Gentoo Base System version 1.4.3.10p1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=i686 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /var/bind /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config /usr/kde/3/share/config /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=i686 -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="sandbox ccache autoaddcvs"
GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 oss apm avi crypt encode foomaticdb gif jpeg gnome libg++ mad mikmod mpeg ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib gdbm berkdb slang readline arts tetex svga java guile ruby mysql postgres X sdl gpm tcpd pam libwww ssl perl python esd imlib oggvorbis gtk qt kde motif opengl ldap cups"

mx0 root # cat /etc/pam.d/pure-ftpd
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth

mx0 root # cat /etc/pam.d/system-auth
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_pwdb.so audit likeauth nodelay shadow bigcrypt
auth sufficient /lib/security/pam_ldap.so debug use_first_pass
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_pwdb.so audit shadow bigcrypt
account sufficient /lib/security/pam_ldap.so debug
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_pwdb.so audit use_authtok shadow bigcrypt
password sufficient /lib/security/pam_ldap.so debug use_authtok use_first_pass
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session sufficient /lib/security/pam_pwdb.so
session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_deny.so

mx0 root # cat /etc/conf.d/pure-ftpd
# Config file for /etc/init.d/pure-ftpd
##Comment variables out to disable its features, or change the values in it... ##

## This variable must be uncommented in order for the server to start ##
IS_CONFIGURED="yes"

## FTP Server,Port (separated by comma) ##
## If you prefer host names over IP addresses, it's your choice :
## SERVER="-S ftp.rtchat.com,21"
## IPv6 addresses are supported.
SERVER="-S 198.214.42.5,21"

## Number of simultaneous connections in total, and per ip ##
MAX_CONN="-c 30"
MAX_CONN_IP="-C 10"

## Start daemonized in background ##
DAEMON="-B"

## Don't allow uploads if the partition is more full then this var ##
DISK_FULL="-k 90%"

## If your FTP server is behind a NAT box, uncomment this ##
#USE_NAT="-N"

## Authentication (others are 'pam', ...)##
## Further infos in the README file.
AUTH="-l pam"

## Change the maximum idle time. (in minutes. default 15)
#TIMEOUT="-I <timeout>'"

## Use that facility for syslog logging. It defaults to 'ftp'
## Logging can be disabled with '-f none' .
#LOG="-f facility"

## Misc. Others ##
#MISC_OTHER="-A -x -j -R -d -Y 0"
MISC_OTHER="-A -x -j -R"

#
# Use these inside $MISC_OTHER
# More can be found on "http://pureftpd.sourceforge.net/README"
#
# -A [ chroot() everyone, but root ]
# -e [ Only allow anonymous users ]
# -E [ Only allow authenticated users. Anonymous logins are prohibited. ]
# -i [ Disallow upload for anonymous users, whatever directory perms are ]
# -j [ If the home directory of a user doesn't exist, auto-create it ]
# -M [ Allow anonymous users to create directories. ]
# -R [ Disallow users (even non-anonymous ones) usage of the CHMOD command ]
# -x [ Authenticated users can read/write files beginning with a dot ('.')
#      Anonymous users can't, for security reasons ]
# -X [ Users can't write/read files and directories starting with a dot ('.') ]
# -D [ List files beginning with a dot ('.') even when the client doesn't
#      append the '-a' option to the list command. A workaround for badly
#      configured FTP clients. ]
# -G [ Disallow renaming. ]
# -d [ Send various debugging messages to the syslog. ONLY for DEBUG ]
# -F <fortune file> [ Display a fortune cookie on login. Check the README file ]
# -H [ By default, fully-qualified host names are logged. The '-H' flag avoids host names resolution. ]

Fixed in 1.0.16c that has just been released.
pure-ftpd-1.0.16c is now in portage. Please test and let me know if you find any further problems.