Some RedHat advice?
Neil Joseph Schelly
neil at jenandneil.com
Fri Jul 8 06:59:01 EDT 2005

On Friday 08 July 2005 12:35 am, Ken D'Ambrosio wrote:
> It seems likely to me that you need something in /etc/pam.d/; below is a
> handy link (it even mentions PAM, FTP *and* Red Hat, all in the same
> post!). The general gist, however, is that many services require an
> /etc/pam.d/ config file before they'll work with PAM; you may be able to
> look at your functional Debian /etc/pam.d/*ftp* file, and just pull it
> over. Maybe.
>
> http://www.castaglia.org/proftpd/doc/README.PAM.html

Red Hat comes with a PAM configuration already for vsftpd, which is working
fine. It includes a system-auth file, which includes the generic
authentication modules shared by all authentication scripts. That generic
include file is where I've added all the pam_winbind module information (auth
and account) for the Active Directory authentication, which is working fine.
That file also includes the session module for pam_mkhomedir, which is
apparently being ignored. The settings are all the same as from the Debian
test setup. And again, pam_mkhomedir is working fine for other methods of
login, such as SSH.

I have heard that this problem can occur with SSH also, when
UsePrivilegeSeparation is set to Yes, since the ssh daemon drops privileges
before the pam_mkhomedir module is called, though that doesn't make a whole
lot of sense to me because I was under the impression that PAM was intended
to be run as pretty much any user, so that any process, regardless of user,
can do authentication. I would have assumed that setting /home to 777 for
permissions would have dismissed this as the problem though.

Anyway, I will try more troubleshooting today. I think I'll try setting the
PrivilegeSeparation to Yes and see if I can duplicate the problem. When I
get to work, if anyone wants to see the pam configs, I will post them. I
think this has to do with vsftpd though, so I was hoping that someone had
some experience with using it beyond the default configuration. Or perhaps
someone with Red Hat experience can tell me what you do when the lack of
selection in Red Hat's packages doesn't have the "right" package for the job?
Can you safely go outside the distro or is that just asking for trouble?

Any other ideas?
-N
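
An added example, not part of the original message and not code from vsftpd or Red Hat: a small resolver that follows `include`, `@include` and `pam_stack.so service=` lines to list which modules a service file's `session` stack actually reaches, since those indirections pull in only the lines of the same management group. The file contents in `SAMPLE` are constructed, and `ftp-nosession` is a hypothetical service name.

```python
import os
import tempfile

def stack_modules(service, mtype, pam_dir="/etc/pam.d", seen=frozenset()):
    """Modules of management group `mtype` reachable from one service file."""
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):
        return []                                   # include loop or missing file
    chain, found = seen | {service}, []
    with open(path) as fh:
        lines = [l.split("#", 1)[0].split() for l in fh]
    for f in lines:
        if len(f) == 2 and f[0] == "@include":      # Debian whole-file include
            found += stack_modules(f[1], mtype, pam_dir, chain)
        if len(f) < 3 or f[0].lstrip("-") != mtype:
            continue
        i = 1
        while f[1].startswith("[") and not f[i].endswith("]") and i < len(f) - 1:
            i += 1                                  # skip "[value=action ...]" control
        rest = f[i + 1:]
        if not rest:
            continue
        if f[1] in ("include", "substack"):         # pulls only this group's lines
            found += stack_modules(rest[0], mtype, pam_dir, chain)
        elif os.path.basename(rest[0]) == "pam_stack.so":   # older Red Hat indirection
            svc = [a[len("service="):] for a in rest[1:] if a.startswith("service=")]
            found += stack_modules(svc[0], mtype, pam_dir, chain) if svc else []
        else:
            found.append(os.path.basename(rest[0]))
    return found

SAMPLE = {  # constructed files, not the poster's configuration
    "system-auth": "auth sufficient /lib/security/$ISA/pam_winbind.so\n"
                   "account sufficient /lib/security/$ISA/pam_winbind.so\n"
                   "session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel\n",
    "vsftpd": "#%PAM-1.0\nauth required pam_stack.so service=system-auth\n"
              "account required pam_stack.so service=system-auth\n"
              "session required pam_stack.so service=system-auth\n",
    "ftp-nosession": "auth include system-auth\naccount include system-auth\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return {s: stack_modules(s, "session", d) for s in ("vsftpd", "ftp-nosession")}

if __name__ == "__main__":
    print(demo())
```

On a live system, `stack_modules("vsftpd", "session")` reads `/etc/pam.d` directly. A module in the resolved stack still runs only when the service calls `pam_open_session()`, so this checks the configuration side alone.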