Menu
▾
▴
Re: [Proftpd-user] Authentication fails under Mac OS 10.3
|
From: Randall P. <rg...@sy...> - 2003-11-26 18:41:35
|
> Is it version proftpd 1.2.9?
Yes it's proftpd 1.2.9 -- thanks for the patch.
There were 2 minor problems with the patch file:
1) file was mac not unix format
2) 1st chunk patched, 2nd didn't
Checked the file out and it looks like the only difference was the addition
of a check for DARWIN7, which I added manually. Listed the relevant code
below. Also, had a compilation warning, also listed below.
After restarting proftpd had the same problems. My own account (call it
acct#1) can log in fine. Another account (acct#2) can't. Here's the
secure.log output from proftpd login tries:
Nov 26 13:22:11 localhost com.apple.SecurityServer: authinternal
authenticated user acct#1 (uid 501) for right system.login.tty.
Nov 26 13:22:11 localhost com.apple.SecurityServer: Succeeded authorizing
right system.login.tty by process /proftpd: 127.0.0.1:62103: PASS (hidden)
for authorization created by /proftpd: 127.0.0.1:62103: PASS (hidden).
Nov 26 13:22:17 localhost com.apple.SecurityServer: authinternal
authenticated user acct#2 (uid 135) for right system.login.tty.
Nov 26 13:22:17 localhost com.apple.SecurityServer: Succeeded authorizing
right system.login.tty by process /proftpd: 127.0.0.1:62110: PASS (hidden)
for authorization created by /proftpd: 127.0.0.1:62110: PASS (hidden).
Again, if I remove the line:
auth sufficient pam_securityserver.so
From /etc/pam.d/ftp, login fails on all accounts, including acct#1, and
there is no entry added to secure.log.
Patched code from inet.c
_________________________
#if defined(SOLARIS2) || defined(FREEBSD2) || defined(FREEBSD3) || \
defined(FREEBSD4) || defined(FREEBSD5) || defined(__OpenBSD__) || \
defined(__NetBSD__) || defined(DARWIN6) || defined(DARWIN7) ||
defined(SCO3) || \
defined(CYGWIN) || defined(SYSV4_2MP) || defined(SYSV5UNIXWARE7)
# ifdef SOLARIS2
if (port != INPORT_ANY && port < 1024) {
# endif
pr_signals_block();
PRIVS_ROOT
# ifdef SOLARIS2
}
# endif
#endif
fd = socket(addr_family, SOCK_STREAM, tcp_proto);
#if defined(SOLARIS2) || defined(FREEBSD2) || defined(FREEBSD3) || \
defined(FREEBSD4) || defined(FREEBSD5) || defined(__OpenBSD__) || \
defined(__NetBSD__) || defined(DARWIN6) || defined(DARWIN7) || \
defined(SCO3) || defined(CYGWIN) || defined(SYSV4_2MP) || \
defined(SYSV5UNIXWARE7)
# ifdef SOLARIS2
if (port != INPORT_ANY && port < 1024) {
# endif
PRIVS_RELINQUISH
pr_signals_unblock();
# ifdef SOLARIS2
}
# endif
#endif
Compile warning
____________
gcc -DDARWIN7_0_0 -DDARWIN7 -I.. -I../include -O2 -Wall -Wno-long-double
-c getopt1.c
ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o glibc-glob.o
glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o getopt.o getopt1.o
ranlib libsupp.a
ranlib: file: libsupp.a(glibc-hstrerror.o) has no symbols
>
> If so you need a to patch the source code and recompile. Then it will
> work with the suggested /etc/pam.d/ftp file (no extra line needed).
>
> Also, if you do not apply the patch you will have problems with
> simultaneous connections from the same IP.
>
> I am sending the patch, hope this mailing list accepts attachments.
>
> Best regards,
> Charles
>
>
>
>
> On Nov 26, 2003, at 15:13, Randall Perry wrote:
>
>> After upgrading to Mac OS 10.3, I discovered login fails to proftpd --
>> apparently 10.3 requires pam auth.
>>
>> So, I followed proftpd instructions for setting up pam with Mac OSX,
>> creating the file /etc/pam.d/ftp and adding this:
>>
>> auth required pam_unix.so try_first_pass
>> account required pam_unix.so try_first_pass
>> session required pam_permit.so
>>
>> That didn't work, so I grabbed the 1st line from apple's ftpd file and
>> inserted it into ftp, so now it looks like:
>>
>> auth sufficient pam_securityserver.so
>> auth required pam_unix.so try_first_pass
>> account required pam_unix.so try_first_pass
>> session required pam_permit.so
>>
>> Now it works, but only with my account on the server. All other
>> accounts
>> fail at login.
>>
>> If I look at /var/log/secure I see identical entries whether login
>> succeeds
>> (on my account) or fails (on all other accounts)
>>
>> Nov 25 23:03:13 localhost com.apple.SecurityServer: Succeeded
>> authorizing
>> right system.login.tty by process /proftpd: 127.0.0.1:60768: PASS
>> (hidden)
>> for authorization created by /proftpd: 127.0.0.1:60768: PASS (hidden).
>>
>> Am new to PAM and would appreciate any help.
>>
>> TIA
>>
>>
>>> Discovered proftpd will not authenticate after upgrading to Mac OSXS
>>> 10.3.1.
>>> Using proftpd 1.2.9.
>>>
>>> It's a standalone server running lookupd, netinfo, and password
>>> server (not
>>> LDAP).
>>>
>>> I'm eventually going to make the machine an Open Directory master,
>>> but need
>>> to make sure everything's working before I attempt it.
>>>
>>> Is there something else I should try to get it working, or should I
>>> wait
>>> till I get my OD LDAP server running and authenticate that way?
>>>
>>
>> --
>> Randall Perry
>> sysTame
>>
>> Xserve Web Hosting/Co-location
>> Website Development/Promotion
>> Mac Consulting/Sales
>>
>> http://www.systame.com/
>>
>>
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: SF.net Giveback Program.
>> Does SourceForge.net help you be more productive? Does it
>> help you create better code? SHARE THE LOVE, and help us help
>> YOU! Click Here: http://sourceforge.net/donate/
>> _______________________________________________
>> ProFTPD Users List <pro...@pr...>
>> Unsubscribe problems?
>> http://www.proftpd.org/list-unsub.html
>>
>>
> ____________________________________________________
> Institut Balear de Comunicacions, S.L.
> Gremio Tejedores 22, 1
> 07009 Palma de Mallorca, Spain
> Tel: +34 971.90.90.00 | Mobile: +34 607.87.12.77
> Fax: +34 971.43.08.18 | E-mail: cke...@ib...
> URL: http://www.ibacom.es/
> ____________________________________________________
>
>
--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
|