PAM and proftpd

[zeki79]

hello

in my /var/log/message i see on evry ftp login these message:

---
Jul 18 18:56:04 dreambox proftpd: PAM unable to dlopen(/lib/security/pam_pwdb.so)
Jul 18 18:56:04 dreambox proftpd: PAM [dlerror: /lib/security/pam_pwdb.so: cannot open shared object file: No such file or directory]
Jul 18 18:56:04 dreambox proftpd: PAM adding faulty module: /lib/security/pam_pwdb.so
Jul 18 18:56:05 dreambox proftpd[32586]: dreambox.domain.xx (dsl-du-00-000-000-000.xy.xy[xx.xx.xx.xx]) - PAM(USERNAME): Module is unknown.
Jul 18 18:56:05 dreambox proftpd[32586]: dreambox.domain.xx (dsl-du-00-000-000-000.xy.xy[xx.xx.xx.xx]) - USER USERNAME: Login successful.
---

i dont have a pam_pwdb.so on my system... any one know whats wrong ?

i have running suse91 / plesk 7.5.2

thanks!

 

[bonzz]

i have the same entries in my /var/log/message file... also pam_pwdb.so is missing on my system. i'm using SuSE 9.0 with Plesk 7.1.7.

has anyone an idee what the problem is?
thanks!

 

[jamesyeeoc]

Have you checked to see if any of the PAM rpms have been installed on your Suse systems?

I don't use Suse, so I don't know if they are installed normally or not.

If not, then try and find a Suse 9.1 (or 9.0 for bonzz) compatible rpm(s):

pam
pam_smb
pam-devel
pam_krb5

These are present on RH type Plesk systems.

 

[zeki79]

hi
i installed all pam* modules on my suse and i still have the error...

 

[jamesyeeoc]

And you still don't have the pam_pwdb.so file anywhere on your system? Don't just look in the /lib/security directory, that's just the default location where it's being looked for. If the file does not exist anywhere on your Suse box, then you may want to play with the /etc/pam.d/ftp config file (at your own risk). I really am not familiar with Suse, so I'm going to shut up now, just was trying to possibly help , but am getting in over my head with Suse....

This is my /etc/pam.d/ftp file on a RH system, Plesk 7.5.3 fresh install.

[root@ns2 pam.d]# cat ftp
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth required /lib/security/pam_shells.so

account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so

 

[zeki79]

strange...
i dont find a file called pam_pwdb.so

thats my /etc/pam.d/ftp

dreambox:/etc/pam.d # more ftp
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succee
d
auth required /lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth required /lib/security/pam_shells.so

account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
dreambox:/etc/pam.d #

 

[jamesyeeoc]

Again, this may be due to differences between RH and Suse, but as you notice, mine does not have the last line (shown in your post).

Also, I found a couple of Google results which indicate that for Suse 9.x you may have to use pam_unix.so or pam_unix2.so instead of 'unsupported pam_pwdb.so'.

Google on terms: 'pam_pwdb.so +pam_unix'

 

[zeki79]

okay, thank you!

i commented out:
auth required /lib/security/pam_pwdb.so shadow nullok

now i dont get an error ;-)

 

[bonzz]

thank you jamesyeeoc!

i've replaced 'pam_pwdb.so' with 'pam_unix.so' in /etc/pam.d/ftp. i also had to remove the 'shadow' option from the second line... now, everything works fine

my /etc/pam.d/ftp looks like this now:

home:/etc/pam.d # cat ftp
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_unix.so nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth required /lib/security/pam_shells.so

account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so