If pam is compiled without the pwdb flag, the pam module installed by proftpd won't work. These settings taken from /etc/pam.d/ftp won't work: auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so
I have: #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so and pam-0.77 with no pwdb flag.
So? What's your point?
Sorry, my point is that for me with the same settings it works :) So i cannot duplicate your problem.
Hmm.. then it's strange that your pam_pwdb module was built even though you have -pwdb in the USE flags. Can you make sure that you don't have the flag set and maybe recompile pam and restart proftpd?
I have no pwdb pam module. But i have an extra line in /etc/pam.d/ftp can you add that and see if it works?
I do have it, I've just pasted the lines which contain the pam_pwdb module. Anyway, I really don't see how your proftpd server works without the module... Do you have this in proftpd.conf, in the <Global> section? AuthPAM on AuthPAMAuthoritative on
My proftpd is compiled with +pam, but pam is installed with without pwdb. Yet, the /etc/pam.d/ftp is account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so Gives me some errors in my syslog, but auth works, since I don't use AuthPAM in my config. Nov 11 23:29:27 [proftpd] PAM unable to dlopen(/lib/security/pam_pwdb.so) Nov 11 23:29:27 [proftpd] PAM [dlerror: /lib/security/pam_pwdb.so: cannot open shared object file: No such file or directory] Nov 11 23:29:27 [proftpd] PAM adding faulty module: /lib/security/pam_pwdb.so
I'd like to "me too" comment #7, and ask if there is a more appropriate PAM configuration that should be used if pwdb is not enabled. I don't know really know much about how PAM configuration, but, for example, the imap file contains: auth required pam_nologin.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth Would this make sense for ftp as well? Is there any reason that this configuation wouldn't always be desirable over the default ftp config? (I.e., regardless of whether or not PAM was build with USE=pwdb .)
Fixed in 1.2.10-r3 if you do not want to upgrade please copy files/ftp.pamd to /etc/pam.d/ftp.