In order to maintain security while still allowing users to use FTP to get
to their files, I set up a system where users get different passwords which
they use for FTP. Using PAM, this was pretty easy; I just used

    auth required /lib/security/pam_userdb.so db=/etc/ftp/users

and made a little Perl script to maintain the /etc/ftp/users database.

Then I upgraded to RedHat 7, which broke pam_userdb (it was linked
improperly against the DB library). The Rawhide RPM fixes the problem by
linking against libdb.so.2. But the 6.2 pam_userdb was linked against
libdb.so.3, and I can't make the new version read databases that were
usable by the old version.

I also can't figure out how to create any database it can read. db_load
(the db3 version, I believe) won't do it. db2_load won't do it. The
module just logs this to syslog:

    Nov 15 05:21:34 ilnea pam_userdb[19078]: user_lookup: could not open database `/etc/ftp/users'

even though an strace verifies that an open call succeeds.

So now I'm hosed. I can't downgrade PAM to the 6.2 version due to library
dependencies. I can't make files that pam_userdb can read, and I have no
alternatives (as there's no other PAM module I can find which will let me read
usernames and passwords from something other than NIS or /etc/passwd).
Perhaps LDAP is the answer, but I'm clueless there and need a quick
solution.

Can anyone offer any suggestions at all?
--
Jason L Tibbitts III - [EMAIL PROTECTED] - 713/743-3486 - 660PGH - 94 PC800
System Manager: University of Houston Department of Mathematics
Born alone beneath pale sardonic skies. One love, one life, one sorrow.
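
A diagnostic for the situation described in this message, added here as an example and not part of the original post: it reads a file's header and reports which Berkeley DB on-disk layout and format version the file carries, so a database written by one libdb can be compared with one written by another. The function name and sample headers are constructed for illustration; the magic-number offsets (byte 0 for DB 1.85, byte 12 for DB 2 and later) are the ones the file(1) magic database checks.

```python
import struct
import sys

# Magic numbers found in Berkeley DB file headers, by access method.
MAGICS = {0x053162: "btree", 0x061561: "hash", 0x042253: "queue"}

# Where the magic sits: DB 2.x and later keep it at byte 12 of the metadata
# page; the older DB 1.85 format keeps it at byte 0. The format version is
# the 32-bit word that follows the magic in both layouts.
LAYOUTS = (("db2-or-later", 12), ("db1.85", 0))


def identify_bdb(header: bytes):
    """Return (layout, access_method, format_version, byte_order) or None."""
    for layout, offset in LAYOUTS:
        if len(header) < offset + 8:
            continue  # too short to hold magic + version at this offset
        # Files may have been written on either byte order, so try both.
        for order, fmt in (("little", "<II"), ("big", ">II")):
            magic, version = struct.unpack_from(fmt, header, offset)
            if magic in MAGICS:
                return layout, MAGICS[magic], version, order
    return None  # not recognisable as a Berkeley DB file


# Constructed sample headers (not taken from a real /etc/ftp/users file).
SAMPLE_NEW = bytes(12) + struct.pack("<III", 0x061561, 7, 4096)
SAMPLE_OLD = struct.pack(">II", 0x061561, 2) + bytes(24)

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print("sample new:", identify_bdb(SAMPLE_NEW))
        print("sample old:", identify_bdb(SAMPLE_OLD))
    for path in paths:
        with open(path, "rb") as fh:
            print(path, identify_bdb(fh.read(32)))
```

Running it on a database from a host where pam_userdb works and on one from the host where it fails shows whether the two files differ in layout, access method or format version.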