Hi, * Nico Golde <[email protected]> [2008-12-21 14:00]: [...] > > On connection to the server via a client, if an invalid username is > > supplied, a 530 error is immediately returned, instead of a password > > prompt being returned before failure. > > This is a quite common problem, your local login program > does the same (so does pam-opie). But the issue itself is not an important > security issue, downgrading.
I checked my own vsftpd installation now, what are your
settings for userlist_deny? The manpage states:
userlist_deny
This option is examined if userlist_enable is activated. If you
set this setting to NO, then users will be denied login unless
they are explicitly listed in the file specified by
userlist_file. When login is denied, the denial is issued
before the user is asked for a password.
Default: YES
So I guess you have this set to NO?
Cheerse
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpG89kGhKIpA.pgp
Description: PGP signature
