Kerberos FTP ticket filename

Tiago Elvas tiagoelvas at gmail.com
Mon May 20 12:57:31 EDT 2013


I am not sure I fully understand your indications so I paste the contents
of the files:
/etc/pam.d/vsftpd

> #%PAM-1.0
> session    optional     pam_keyinit.so    force revoke
> auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
> auth       required     pam_shells.so
> auth       include      system-auth
> account    include      system-auth
> session    include      system-auth
> session    required     pam_loginuid.so


/etc/pam.d/system-auth

> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        [success=done new_authtok_reqd=done ignore=ignore default=bad] pam_krb5.so minimum_uid=500
> auth        sufficient    pam_unix.so nullok try_first_pass uid < 500
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        required      pam_deny.so
> auth        required      pam_tally.so onerr=fail no_magic_root
> account     [success=done new_authtok_reqd=done ignore=ignore default=bad] pam_krb5.so minimum_uid=500
> account     required      pam_unix.so uid < 500
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
> account     required      pam_tally.so per_user deny=5 no_magic_root_reset
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    [success=done new_authtok_reqd=done ignore=ignore default=bad] pam_krb5.so minimum_uid=500
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=7
> password    required      pam_deny.so
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session     optional      pam_krb5.so minimum_uid=500
> session     required      pam_unix.so








On Mon, May 20, 2013 at 6:46 PM, Russ Allbery <rra at stanford.edu> wrote:

> Tiago Elvas <tiagoelvas at gmail.com> writes:
>
> > As for the SSH, could you tell me how to accomplish that? In my initial
> > attempts I believe I tried to set ccache name and dir but without
> > success.
>
> Which Kerberos PAM module are you using?
>
> > The ftp server is vsftpd. Does this help?
>
> vsftpd's source appears to do the right thing.  Try adding debug to the
> PAM options line for vsftpd and see what syslog says about what's
> happening.  You should see a pam_auth -> pam_setcred -> pam_open_session
> sequence at the start and a pam_close_session at the end of the FTP
> session.
>
> --
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
>
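
The syslog check suggested in the quoted reply, as an added example that is not part of the original thread: it groups PAM debug lines by vsftpd process and reports which stages of the auth, setcred, open_session, close_session sequence never appear. The log line shape, the assumption that the module's debug output names the `pam_sm_*` entry points, and the sample lines (including the host name `ftp1`) are constructed for illustration.

```python
import re
from collections import defaultdict

# Module-side entry points behind the sequence named in the reply
# (pam_auth -> pam_setcred -> pam_open_session ... pam_close_session).
EXPECTED = ["pam_sm_authenticate", "pam_sm_setcred",
            "pam_sm_open_session", "pam_sm_close_session"]

# Assumed syslog shape: "... vsftpd[<pid>]: ... pam_sm_<call> ..."
LINE_RE = re.compile(r"vsftpd\[(?P<pid>\d+)\]:.*?(?P<call>pam_sm_\w+)")

# Constructed sample lines; host name and message text are made up.
SAMPLE = [
    "May 20 18:50:01 ftp1 vsftpd[4312]: pam_krb5: pam_sm_authenticate: entry",
    "May 20 18:50:01 ftp1 vsftpd[4312]: pam_krb5: pam_sm_authenticate: exit",
    "May 20 18:50:01 ftp1 vsftpd[4312]: pam_krb5: pam_sm_setcred: entry",
    "May 20 18:50:01 ftp1 vsftpd[4312]: pam_krb5: pam_sm_open_session: entry",
    "May 20 18:50:07 ftp1 vsftpd[4400]: pam_krb5: pam_sm_authenticate: entry",
    "May 20 18:50:07 ftp1 vsftpd[4400]: pam_krb5: pam_sm_setcred: entry",
    "May 20 18:52:30 ftp1 vsftpd[4312]: pam_krb5: pam_sm_close_session: entry",
]

def pam_calls_by_pid(lines):
    """Return {pid: [calls in order seen]}, collapsing entry/exit repeats."""
    calls = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["call"] not in EXPECTED:
            continue
        seq = calls[m["pid"]]
        if not seq or seq[-1] != m["call"]:
            seq.append(m["call"])
    return dict(calls)

def report(lines):
    """Per pid: calls seen, stages missing, and whether the full
    sequence occurs in the expected order."""
    out = {}
    for pid, seq in pam_calls_by_pid(lines).items():
        it = iter(seq)
        complete = all(call in it for call in EXPECTED)  # subsequence test
        missing = [c for c in EXPECTED if c not in seq]
        out[pid] = {"seen": seq, "missing": missing, "complete": complete}
    return out

if __name__ == "__main__":
    for pid, r in report(SAMPLE).items():
        print(pid, "complete" if r["complete"] else "missing: " + ", ".join(r["missing"]))
```

A process that shows authentication and setcred but no session calls, like pid 4400 in the sample, is the case worth comparing against where the ticket cache is expected to be created and removed.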

