Re: [bug-inetutils] Ftpd is Linux-PAM only.
From: Simon Josefsson
Subject: Re: [bug-inetutils] Ftpd is Linux-PAM only.
Date: Wed, 06 Jun 2012 10:31:16 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)
Mats Erik Andersson <address@hidden> writes:
> Dear all,
>
> to my disappointment I observe that the present "ftpd/pam.c"
> is strongly dependent on Linux-PAM, in fact is properly
> working if and only if "pam_ftp.so" by Andrew G. Morgan is
> deployed and used. This in turn depends on the macros
> PAM_INCOMPLETE and PAM_CONV_AGAIN which only exist in
> Linux-PAM and which are taken from an Openpam Group
> draft no. 8, by the very same A. G. Morgan. Exactly the
> same code base is in use by the Debian package "linux-ftpd",
> so it was clearly copied lazily into GNU Inetutils.
>
> The absence of "pam_ftp.so" will, due to the coding of separate
> calls pam_user() and pam_pass() from "ftpd/ftpd.c", make it
> impossible for a non-anonymous user to get access to the FTP daemon.
>
> It is very disturbing to have this very non-portable code,
> so I would like your view on the following suggestion:
>
> * Protect the present PAM code by a configuration setting,
> only invoking it on systems with Linux-PAM. Probably
> all Glibc architectures.
>
> * Develop a new PAM integration for "ftpd" that is usable on
> BSD systems, i.e., FreeBSD, NetBSD, DragonFlyBSD, and on Solaris.
I prefer 2) if it doesn't have any significant disadvantages over the
current code.
/Simon
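
Added example, not part of the original messages or of GNU Inetutils: one portable shape for the second suggestion is to keep the USER and PASS values and answer PAM's prompts from a conversation callback, so a single pam_authenticate() call completes without PAM_INCOMPLETE or PAM_CONV_AGAIN. The names `ftp_cred` and `ftp_conv`, the prompt-to-credential mapping, and the stand-in declarations used when `<security/pam_appl.h>` is absent are assumptions.

```c
#define _POSIX_C_SOURCE 200809L            /* for strdup() */
#include <stdlib.h>
#include <string.h>
#if defined(__has_include)
# if __has_include(<security/pam_appl.h>)
#  include <security/pam_appl.h>           /* real definitions when installed */
#  define HAVE_PAM_HEADER 1
# endif
#endif
#ifndef HAVE_PAM_HEADER
/* Constructed stand-ins (assumption) so the block builds without PAM headers. */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2,
       PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
#endif

/* Hypothetical holder for what ftpd saved from the USER and PASS commands. */
struct ftp_cred { const char *user; const char *pass; };
/* Answers every prompt from the stored credentials, so the PAM stack
   never has to be suspended and resumed between FTP commands. */
int ftp_conv(int n, const struct pam_message **msg,
             struct pam_response **resp, void *appdata)
{
    const struct ftp_cred *c = appdata;
    struct pam_response *r;
    int i;
    if (n <= 0 || c == NULL || c->user == NULL || c->pass == NULL)
        return PAM_CONV_ERR;
    if ((r = calloc((size_t)n, sizeof *r)) == NULL)
        return PAM_BUF_ERR;
    for (i = 0; i < n; i++) {
        int style = msg[i]->msg_style;
        if (style == PAM_TEXT_INFO || style == PAM_ERROR_MSG)
            continue;                      /* informational, no reply */
        if (style == PAM_PROMPT_ECHO_ON)
            r[i].resp = strdup(c->user);   /* assumed: login name prompt */
        else if (style == PAM_PROMPT_ECHO_OFF)
            r[i].resp = strdup(c->pass);   /* assumed: password prompt */
        if (r[i].resp == NULL) {           /* unknown style or no memory */
            while (i-- > 0)
                free(r[i].resp);
            free(r);
            return PAM_CONV_ERR;
        }
    }
    *resp = r;                             /* the PAM library frees this */
    return PAM_SUCCESS;
}
```

The callback is handed to pam_start() through `struct pam_conv`, with the `ftp_cred` pointer as `appdata_ptr`.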