<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>Debug pam</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">Hello:</FONT>
<BR> <FONT SIZE=2 FACE="Arial">I have a system running RH EL 5.2 and when I try to ftp to it and give a valid login and password, there is a delay after entering the password and then it says login incorrect. The system is running vsftpd.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Here is the contents of /etc/pam.d/vsftpd</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">#%PAM-1.0</FONT>
<BR><FONT SIZE=2 FACE="Arial">session optional pam_keyinit.so force revoke</FONT>
<BR><FONT SIZE=2 FACE="Arial">auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed</FONT>
<BR><FONT SIZE=2 FACE="Arial">auth required pam_shells.so</FONT>
<BR><FONT SIZE=2 FACE="Arial">auth include system-auth</FONT>
<BR><FONT SIZE=2 FACE="Arial">account include system-auth</FONT>
<BR><FONT SIZE=2 FACE="Arial">session include system-auth</FONT>
<BR><FONT SIZE=2 FACE="Arial">session required pam_loginuid.so</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">My question is how can I tell which part of PAM has decide the password is incorrect?</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">I tried putting the login name in /etc/vsftpd/ftpusers and I get a message about permission denied for the user, which is what I would expect. So I know when the name is not in the file I am getting passed that check.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Thanks:</FONT>
<BR><FONT SIZE=2 FACE="Arial">Jack Allen</FONT>
</P>
</BODY>
</HTML>