Kerberos FTP ticket filename
Tiago Elvas
tiagoelvas at gmail.com
Tue May 21 04:31:22 EDT 2013
Still no success.
I tried adding the debug option but no conclusing messages shown..
Any other thoughts?
On Mon, May 20, 2013 at 7:18 PM, Russ Allbery <rra at stanford.edu> wrote:
> Tiago Elvas <tiagoelvas at gmail.com> writes:
>
> > I am not sure I fully understand your indications so I paste the contents
> > of the files:
> > /etc/pam.d/vsftpd
>
> >> #%PAM-1.0
> >> session optional pam_keyinit.so force revoke
> >> auth required pam_listfile.so item=user sense=deny
> >> file=/etc/vsftpd/ftpusers onerr=succeed
> >> auth required pam_shells.so
> >> auth include system-auth
> >> account include system-auth
> >> session include system-auth
> >> session required pam_loginuid.so
>
> It looks like you're probably using Red Hat's pam_krb5 module, which is
> probably why setting ccache didn't do what you want. If you wanted to
> pursue that, I think the ccache directive of mine:
>
> http://www.eyrie.org/~eagle/software/pam-krb5/
>
> is a bit more flexible, but I'm not positive. I haven't looked at what
> options Red Hat supports for ccache settings for a while.
>
> Anyway, to debug your vsftpd problem, add "debug" to the end of the
> pam_krb5.so lines in your system-auth configuration file and then check
> syslog after an FTP login. I'm not sure what output the Red Hat module
> produces by default, but hopefully it's still enough to figure out whether
> the session is being closed properly and if there are any errors in doing
> so.
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
>
More information about the Kerberos
mailing list