From: Randall P. <rg...@sy...> - 2003-11-26 18:41:35

> Is it version proftpd 1.2.9?

Yes it's proftpd 1.2.9 -- thanks for the patch.

There were 2 minor problems with the patch file:
1) file was mac not unix format
2) 1st chunk patched, 2nd didn't

Checked the file out and it looks like the only difference was the addition of a check for DARWIN7, which I added manually. Listed the relevant code below.

Also, had a compilation warning, also listed below.

After restarting proftpd had the same problems. My own account (call it acct#1) can log in fine. Another account (acct#2) can't.

Here's the secure.log output from proftpd login tries:

Nov 26 13:22:11 localhost com.apple.SecurityServer: authinternal authenticated user acct#1 (uid 501) for right system.login.tty.
Nov 26 13:22:11 localhost com.apple.SecurityServer: Succeeded authorizing right system.login.tty by process /proftpd: 127.0.0.1:62103: PASS (hidden) for authorization created by /proftpd: 127.0.0.1:62103: PASS (hidden).
Nov 26 13:22:17 localhost com.apple.SecurityServer: authinternal authenticated user acct#2 (uid 135) for right system.login.tty.
Nov 26 13:22:17 localhost com.apple.SecurityServer: Succeeded authorizing right system.login.tty by process /proftpd: 127.0.0.1:62110: PASS (hidden) for authorization created by /proftpd: 127.0.0.1:62110: PASS (hidden).

Again, if I remove the line:

auth       sufficient     pam_securityserver.so

From /etc/pam.d/ftp, login fails on all accounts, including acct#1, and there is no entry added to secure.log.

Patched code from inet.c
_________________________

#if defined(SOLARIS2) || defined(FREEBSD2) || defined(FREEBSD3) || \
    defined(FREEBSD4) || defined(FREEBSD5) || defined(__OpenBSD__) || \
    defined(__NetBSD__) || defined(DARWIN6) || defined(DARWIN7) || defined(SCO3) || \
    defined(CYGWIN) || defined(SYSV4_2MP) || defined(SYSV5UNIXWARE7)
# ifdef SOLARIS2
  if (port != INPORT_ANY && port < 1024) {
# endif
    pr_signals_block();
    PRIVS_ROOT
# ifdef SOLARIS2
  }
# endif
#endif

  fd = socket(addr_family, SOCK_STREAM, tcp_proto);

#if defined(SOLARIS2) || defined(FREEBSD2) || defined(FREEBSD3) || \
    defined(FREEBSD4) || defined(FREEBSD5) || defined(__OpenBSD__) || \
    defined(__NetBSD__) || defined(DARWIN6) || defined(DARWIN7) || \
    defined(SCO3) || defined(CYGWIN) || defined(SYSV4_2MP) || \
    defined(SYSV5UNIXWARE7)
# ifdef SOLARIS2
  if (port != INPORT_ANY && port < 1024) {
# endif
    PRIVS_RELINQUISH
    pr_signals_unblock();
# ifdef SOLARIS2
  }
# endif
#endif

Compile warning
____________

gcc -DDARWIN7_0_0 -DDARWIN7 -I.. -I../include -O2 -Wall -Wno-long-double -c getopt1.c
ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o glibc-glob.o glibc-hstrerror.o glibc-mkstemp.o pr-syslog.o pwgrent.o getopt.o getopt1.o
ranlib libsupp.a
ranlib: file: libsupp.a(glibc-hstrerror.o) has no symbols

>
> If so you need to patch the source code and recompile. Then it will
> work with the suggested /etc/pam.d/ftp file (no extra line needed).
>
> Also, if you do not apply the patch you will have problems with
> simultaneous connections from the same IP.
>
> I am sending the patch, hope this mailing list accepts attachments.
>
> Best regards,
> Charles
>
> On Nov 26, 2003, at 15:13, Randall Perry wrote:
>
>> After upgrading to Mac OS 10.3, I discovered login fails to proftpd --
>> apparently 10.3 requires pam auth.
>>
>> So, I followed proftpd instructions for setting up pam with Mac OSX,
>> creating the file /etc/pam.d/ftp and adding this:
>>
>> auth       required       pam_unix.so try_first_pass
>> account    required       pam_unix.so try_first_pass
>> session    required       pam_permit.so
>>
>> That didn't work, so I grabbed the 1st line from apple's ftpd file and
>> inserted it into ftp, so now it looks like:
>>
>> auth       sufficient     pam_securityserver.so
>> auth       required       pam_unix.so try_first_pass
>> account    required       pam_unix.so try_first_pass
>> session    required       pam_permit.so
>>
>> Now it works, but only with my account on the server. All other accounts
>> fail at login.
>>
>> If I look at /var/log/secure I see identical entries whether login succeeds
>> (on my account) or fails (on all other accounts)
>>
>> Nov 25 23:03:13 localhost com.apple.SecurityServer: Succeeded authorizing
>> right system.login.tty by process /proftpd: 127.0.0.1:60768: PASS (hidden)
>> for authorization created by /proftpd: 127.0.0.1:60768: PASS (hidden).
>>
>> Am new to PAM and would appreciate any help.
>>
>> TIA
>>
>>> Discovered proftpd will not authenticate after upgrading to Mac OSXS 10.3.1.
>>> Using proftpd 1.2.9.
>>>
>>> It's a standalone server running lookupd, netinfo, and password server
>>> (not LDAP).
>>>
>>> I'm eventually going to make the machine an Open Directory master, but need
>>> to make sure everything's working before I attempt it.
>>>
>>> Is there something else I should try to get it working, or should I wait
>>> till I get my OD LDAP server running and authenticate that way?
>>>
>>
>> --
>> Randall Perry
>> sysTame
>>
>> Xserve Web Hosting/Co-location
>> Website Development/Promotion
>> Mac Consulting/Sales
>>
>> http://www.systame.com/
>>
> ____________________________________________________
> Institut Balear de Comunicacions, S.L.
> Gremio Tejedores 22, 1
> 07009 Palma de Mallorca, Spain
> Tel: +34 971.90.90.00 | Mobile: +34 607.87.12.77
> Fax: +34 971.43.08.18 | E-mail: cke...@ib...
> URL: http://www.ibacom.es/
> ____________________________________________________
>

--
Randall Perry
sysTame

Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales

http://www.systame.com/
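
How the control flags in the /etc/pam.d/ftp stack quoted in this message are evaluated, as an added example that is not part of the original thread or of ProFTPD: a simplified Python model in which `parse_stack`, `run_phase`, `login_allowed` and all module results are hypothetical names and constructed inputs. It shows that an auth success from pam_securityserver.so does not by itself decide the login, because the account and session phases are evaluated separately.

```python
# Added example: simplified model of PAM control flags (not ProFTPD or PAM source).
WITH_SS = """\
auth     sufficient  pam_securityserver.so
auth     required    pam_unix.so try_first_pass
account  required    pam_unix.so try_first_pass
session  required    pam_permit.so
"""
# The same stack with the first line removed, as tried in the message.
WITHOUT_SS = "".join(WITH_SS.splitlines(keepends=True)[1:])

def parse_stack(text):
    """Return [(phase, control, module)] for each non-empty pam.d line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append(tuple(fields[:3]))
    return rules

def run_phase(rules, phase, outcomes):
    """Evaluate one phase; outcomes maps (phase, module) -> True/False."""
    required_failed = any_success = False
    for ph, control, module in rules:
        if ph != phase:
            continue
        ok = outcomes[(ph, module)]
        any_success = any_success or ok
        if ok and control == "sufficient" and not required_failed:
            return True             # sufficient success ends the phase early
        if not ok and control == "requisite":
            return False            # requisite failure ends the phase early
        if not ok and control == "required":
            required_failed = True  # keep going, but the phase will fail
    return any_success and not required_failed

def login_allowed(stack_text, outcomes):
    """A login needs the auth, account and session phases to all pass."""
    rules = parse_stack(stack_text)
    return all(run_phase(rules, p, outcomes)
               for p in ("auth", "account", "session"))

# Constructed module results (assumptions, not measurements from the thread).
BASE = {("auth", "pam_securityserver.so"): True,
        ("auth", "pam_unix.so"): False,
        ("account", "pam_unix.so"): True,
        ("session", "pam_permit.so"): True}
# Same auth results, but the account phase refuses the user.
ACCOUNT_REJECTED = {**BASE, ("account", "pam_unix.so"): False}
```

`ACCOUNT_REJECTED` is only one constructed input under which the auth phase passes and the login is still refused; the thread does not establish why acct#2 fails.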