[Freeipa-users] kerberized vsftpd login problem
John Obaterspok
john.obaterspok at gmail.com
Thu Mar 27 20:47:09 UTC 2014
2014-03-23 19:45 GMT-04:00 Dmitri Pal <dpal at redhat.com>
> 2014-03-23 9:01 GMT+01:00 John Obaterspok <john.obaterspok at gmail.com>:
> >
> > Hello,
> >
> > How do I get vsftpd login to work with an existing ticket?
> > I've added ftp as an identity service (ftp/ipaserver.my.lan at MY.LAN)
> > Is there anything else I need to do to allow ftp login to vsftpd?
>
> What ftp client and server are you using?
> Do you know whether they are actually supporting Kerberos?
> May be consider other tools like scp instead?
I'm using vsftpd with default settings in Fedora 20 + ftp client from
krb5-appl-clients. vsftpd is linked to pam, gssapi_krb5, and more.
/etc/pam.d/vsftpd looks like this:
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny
file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
Perhaps I need to change something in the pam file in order to allow sso?
-- john
More information about the Freeipa-users
mailing list