Hi there,

I have a question. We have a vsftpd service running which authenticates its virtual users against an application-level openldap database. No IPA involved here. It works using pam_ldap. The virtual users are mapped to a local user through the "guest_user=<user>" directive in vsftpd.conf. As the vsftpd service is running on an IPA client (RHEL6), I was kind of hoping this "local user" would in fact be an IPA user. Nope. He must currently live in /etc/passwd. This is, I suspect, because we have a different pam file for vsftpd to be able to communicate with the application openldap, making it impossible to also use IPA.

Is there a way to have vsftpd check with (and use) IPA for its local users and the application-level openldap service for its virtual users?

This is the pam file vsftpd came with originally:

#%PAM-1.0
session    optional     pam_keyinit.so force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth

And this is the pam file we now use:

#%PAM-1.0
auth       required     /lib64/security/pam_ldap.so
account    required     /lib64/security/pam_ldap.so
session    required     /lib64/security/pam_ldap.so
password   required     /lib64/security/pam_ldap.so

Thanks for any answer.

Cheers,
Fred
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
