<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Correct. I have to apologize for my short and totally incoherent response. I received the question near midnight and know better than to respond to a fairly technical question
 right before retiring for the evening.<br>
<br>
My assumption is that your /etc/pam.d/vsftpd matches /etc/pam.d/sshd line for line except the line for session triggering the pam_exec.so module.<br>
<br>
Does the user you are testing with have a valid shell directive within the /etc/passwd file? I.e. /bin/bash, /bin/sh, etc.?<br>
<br>
And if so, does pam_shells.so exist anywhere within the common includes for the /etc/pam.d/vsftpd file? I ask these questions due to this particular configuration: <a href="http://unix.stackexchange.com/questions/37539/vsftpd-fails-pam-authentication" target="_blank">http://unix.stackexchange.com/questions/37539/vsftpd-fails-pam-authentication</a>.<br>
<br>
Can you add a debug directive to the line; i.e. 'session optional pam_exec.so debug'? According to the documentation for pam_exec.so at
<a href="http://linux.die.net/man/8/pam_exec" target="_blank">http://linux.die.net/man/8/pam_exec</a> you can also add a log directive and monitor that during your tests.<br>
<br>
Those should help you further diagnose the actual problem when it works for the sshd service.<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF711942"><font face="Tahoma" size="2" color="#000000"><b>From:</b> pam-list-bounces@redhat.com [pam-list-bounces@redhat.com] on behalf of Jeffrey Starin [jeffschips@gmail.com]<br>
<b>Sent:</b> Thursday, December 25, 2014 12:48 AM<br>
<b>To:</b> Pluggable Authentication Modules<br>
<b>Subject:</b> Re: PAM not playing nicely with vsftpd and pam_exec.so<br>
</font><br>
</div>
<div></div>
<div>
<p dir="ltr">Okay. I need a bit more explanation. Glad to hear there might be hope but don't completely understand "always that directive to common session". I think you mean place the statement:</p>
<blockquote>
<p dir="ltr">session    optional     pam_exec.so </p>
<p dir="ltr">Inside the common session file?</p>
<p dir="ltr">If so what is the theory behind why that could work -- trying to teach myself the reasons why that could be a solution.
</p>
<p dir="ltr">Thank you. <br>
</p>
</blockquote>
<p dir="ltr"></p>
<div class="gmail_quote">On Dec 25, 2014 2:24 AM, "Jason Gerfen" <<a href="mailto:jason.gerfen@utah.edu" target="_blank">jason.gerfen@utah.edu</a>> wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="auto">
<div>You could always that directive to common-session and try. <br>
<br>
</div>
<div><br>
On Dec 24, 2014, at 11:01 PM, "Chip" <<a href="mailto:jeffschips@gmail.com" target="_blank">jeffschips@gmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
I've researched this feature extensively and need help. PAM is a difficult authentication program for me to thoroughly understand although I'm learning.</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
Running Debian Wheezy.<br>
</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
Have pam set up to trigger off an email when users log in using sshd -- that works fine.  No problem using this command in the /etc/pam.d/sshd file:<br>
</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
session    optional     pam_exec.so /usr/local/bin/notify.sh<br>
</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
However, I need it to work with vsftpd and getting it to work with sshd was just a test.  However, I can't get it to work with vsftpd, the contents of /etc/pam.d/vsftpd are:<br>
</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
<br>
auth    required        pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed<br>
@include common-account<br>
@include common-session<br>
@include common-auth<br>
session    optional     pam_exec.so /usr/local/bin/notify-login.sh</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
What am I missing here?  Is pam even designed to work with vsftpd?  Running the following command indicates it's hooked into vsftpd, but pam_exec.so doesn't seem to want to play nicely with vsftpd.<br>
</p>
<p style="margin:0px 0px 1em; padding:0px; border:0px; font-size:14px; vertical-align:baseline; background-color:rgb(255,255,255); clear:both; color:rgb(0,0,0); font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif; font-style:normal; font-variant:normal; font-weight:normal; letter-spacing:normal; line-height:17.804800033569336px; text-align:left; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">
$ ldd /{,usr/}{bin,sbin}/* | grep -B 5 libpam | grep '^/'<br>
/bin/login:<br>
/bin/su:<br>
/sbin/mkhomedir_helper:<br>
/sbin/pam_tally2:<br>
/usr/bin/chfn:<br>
/usr/bin/chsh:<br>
/usr/bin/c_rehash:<br>
/usr/bin/crontab:<br>
/usr/bin/passwd:<br>
/usr/sbin/aspell-autobuildhash:<br>
/usr/sbin/atd:<br>
/usr/sbin/chpasswd:<br>
/usr/sbin/cron:<br>
/usr/sbin/newusers:<br>
/usr/sbin/sshd:<br>
/usr/sbin/vsftpd:<br>
<br>
</p>
<br>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Pam-list mailing list</span><br>
<span><a href="mailto:Pam-list@redhat.com" target="_blank">Pam-list@redhat.com</a></span><br>
<span><a href="https://www.redhat.com/mailman/listinfo/pam-list" target="_blank">https://www.redhat.com/mailman/listinfo/pam-list</a></span></div>
</blockquote>
</div>
<br>
</blockquote>
</div>
</div>
</div>
</div>
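<p>The static checks asked for in the top reply (the user's login shell, pam_shells.so anywhere in the included stack, a debug option on the pam_exec.so session line), written out as an added example that is not part of the original thread. The function names, the directory layout under the first argument and every file written by make_sample are assumptions constructed for illustration; only the vsftpd stack mirrors the one posted.</p>
<pre>
```shell
#!/bin/sh
# Added example. Every file written by make_sample is constructed sample data.

# Login shell (7th passwd field) of user $2 in passwd file $1.
user_shell() { awk -F: -v u="$2" '$1 == u { print $7 }' "$1"; }

# PAM stack of service $2 in directory $1, with @include lines expanded
# and runs of whitespace collapsed to one space.
pam_lines() {
    sed 's/[[:space:]]\{1,\}/ /g' "$1/$2" | while read -r first rest; do
        case "$first" in
            ''|'#'*) ;;                          # blank line or comment
            @include) pam_lines "$1" "$rest" ;;  # follow the include
            *) printf '%s %s\n' "$first" "$rest" ;;
        esac
    done
}

# diagnose ROOT SERVICE USER: prints two lines of findings.
diagnose() {
    shell=$(user_shell "$1/passwd" "$3")
    stack=$(pam_lines "$1/pam.d" "$2")
    if grep -qxF -- "$shell" "$1/shells"; then listed=yes; else listed=no; fi
    if printf '%s\n' "$stack" | grep -q 'pam_shells\.so'; then
        has_ps=present
    else
        has_ps=absent
    fi
    echo "shell=$shell listed=$listed pam_shells=$has_ps"
    exec_line=$(printf '%s\n' "$stack" | grep '^session .*pam_exec\.so' || true)
    if [ -z "$exec_line" ]; then echo "pam_exec=missing"
    elif echo "$exec_line" | grep -Eq 'pam_exec\.so( [^/ ][^ ]*)* debug( |$)'
    then echo "pam_exec=debug"
    else echo "pam_exec=no-debug"; fi
}

# Constructed fixture: the vsftpd file as posted, plus made-up includes.
make_sample() {
    mkdir -p "$1/pam.d"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
        'ftponly:x:1001:1001::/srv/ftp:/bin/false' > "$1/passwd"
    printf '%s\n' '# /etc/shells' /bin/sh /bin/bash > "$1/shells"
    printf '%s\n' 'auth required pam_shells.so' \
        'auth required pam_unix.so' > "$1/pam.d/common-auth"
    printf '%s\n' 'account required pam_unix.so' > "$1/pam.d/common-account"
    printf '%s\n' 'session required pam_unix.so' > "$1/pam.d/common-session"
    printf '%s\n' 'auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed' \
        '@include common-account' '@include common-session' '@include common-auth' \
        'session optional pam_exec.so /usr/local/bin/notify-login.sh' > "$1/pam.d/vsftpd"
}
d=$(mktemp -d); make_sample "$d"; diagnose "$d" vsftpd ftponly; rm -rf "$d"
```
</pre>
<p>A result of listed=no together with pam_shells=present means authentication is refused before any session module runs, which is the situation in the linked Stack Exchange question.</p>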
</body>
</html>