proftpd的PAM认证错误

linuxpf

linuxpf

1. 
   
2. #./configure --prefix=/home/proftpd --with-modules=mod_auth_pam --enable-shadow
   
3. #make
   
4. ........
   
5. gcc -o proftpd src/main.o src/timers.o src/sets.o src/pool.o src/table.o src/regexp.o src/dirtree.o src/support.o src/netaddr.o src/inet.o src/child.o src/parser.o src/log.o src/lastlog.o src/xferlog.o src/bindings.o src/netacl.o src/class.o src/scoreboard.o src/help.o src/feat.o src/netio.o src/response.o src/ident.o src/data.o src/modules.o src/display.o src/auth.o src/fsio.o src/mkhome.o src/ctrls.o src/event.o src/var.o src/trace.o src/utf8.o src/proctitle.o src/pidfile.o src/env.o modules/mod_core.o modules/mod_xfer.o modules/mod_auth_unix.o modules/mod_auth_file.o modules/mod_auth.o modules/mod_ls.o modules/mod_log.o modules/mod_site.o modules/mod_delay.o modules/mod_cap.o modules/mod_auth_pam.o modules/module_glue.o  -L/home/soft/proftpd-1.3.1/lib -L/home/soft/proftpd-1.3.1/lib/libcap -lcap -lpam -lsupp -lcrypt
   
6. /usr/bin/ld: cannot find -lpam
   
7. collect2: ld returned 1 exit status
   
8. make: *** [proftpd] Error 1
   
9. [root@phpPgadmin proftpd-1.3.1]#
   

复制代码

真难受..............
/usr/bin/ld: cannot find -lpam
google也搜不出

试着编译,结果这样,RP一般呢:em11: :em11:

[ 本帖最后由 linuxpf 于 2008-10-13 13:44 编辑 ]

linuxpf

:em11: :em11: 一直找不到好办法


This refers to whether you wish PAM to be the final arbitrator of what is and
is not a valid ProFTPD user.  It defaults to 'off'.  With this directive on,
things like AuthUserFile directives will *NOT* work properly, since PAM will
detect these as invalid users and inform ProFTPD not to attempt to process
users through any other authentication mechanisms.

关于proftpd1.3.0 PAM认证启用
AuthUserFile                    /home/proftpd/ftpd.passwd
AuthGroupFile                   /home/proftpd/ftpd.group
AuthUserFile 将不起作用?

linuxpf

http://www.proftpd.org/docs/modules/mod_auth_pam.html

也没有说明白,提供认证用户文件在那

linuxpf

http://www.castaglia.org/proftpd ... Authentication.html



结贴,关健是自己太笨了,就那么几句,头痛几天!


Authentication Modules
proftpd uses authentication modules for accessing user account information. These modules implement an API that that daemon uses to lookup account information by name or by ID, to authenticate a user using the provided password, and to resolve names to IDs or IDs to names. The following authentication modules are all provided with proftpd:

mod_auth_unix
Handles normal authentication via /etc/passwd, /etc/group

mod_auth_file
Handles the AuthUserFile and AuthGroupFile directives, for storing user account information in other files

mod_ldap
Handles user account information stored in LDAP directories

mod_radius
Handles user account information provided by RADIUS servers

mod_sql
Handles user account information stored in SQL tables
Note that mod_auth_pam is not on this list because it cannot provide the necessary user account information. It can be used to supplement other auth modules by adding its own PAM checks, however.

qiekong

把 AuthOrder 设为        mod_auth_file.c   ，AuthUserfile就起作用了。

:wink: 今天搞了一天终于搞好了，
proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                                on

ServerName                        "Debian"
ServerType                        standalone
DeferWelcome                        off

MultilineRFC2228                on
DefaultServer                        on
ShowSymlinks                        on

TimeoutNoTransfer                600
TimeoutStalled                        600
TimeoutIdle                        1200

DisplayLogin                    welcome.msg
DisplayChdir                       .message true
ListOptions                        "-l"

DenyFilter                        \*.*/

# Use this to jail all users in their homes
DefaultRoot                        ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell                off

# Port 21 is the standard FTP port.
Port                                21       

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress                1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                        30

# Set the user and group that the server normally runs at.
User                                proftpd       
Group                                nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                                022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                        on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd                on

# This is required to use both PAM-based authentication and local passwords
#AuthPAMAuthoritative           on
#AuthPAMAuthoritative            on
AuthPAM                        on
AuthPAMConfig                  proftpd
AuthOrder                        mod_auth_file.c
AuthUserFile                     /etc/proftpd/passwd
#AuthAliasOnly                   on

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile                        off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_auth_pam.c>
#    AuthPAMAuthoritative of
#</IfModule>


#<IfModule mod_sql.c>
# SQLBackend                        mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php ... p;ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

#
   IdentLookups                 off
   UseReverseDNS                off


--------------------------------------------------------
/etc/pam.d/proftd  配置

#%PAM-1.0
auth       required        pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required        pam_shells.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－
添加虚拟用户

ftpasswd  --passwd --file /etc/proftpd/passwd --uid 33  --home /var/www/ --name qie  --shell /bin/false

测试成功

linuxpf

还有有些不懂,对pam不是很了解