-- Sent from my HP Pre3
On Mar 27, 2014 22:13, Dmitri Pal <[email protected]> wrote:
On 03/27/2014 04:47 PM, John Obaterspok wrote:
> 2014-03-23 19:45 GMT-04:00 Dmitri Pal<[email protected]>
>> 2014-03-23 9:01 GMT+01:00 John Obaterspok<[email protected]>:
>>> Hello,
>>>
>>> How do I get vsftpd login to work with an existing ticket?
>>> I've added ftp as an identity service (ftp/[email protected])
>>> Is there anything else I need to do to allow ftp login to vsftpd?
>> What ftp client and server are you using?
>> Do you know whether they are actually supporting Kerberos?
>> Maybe consider other tools like scp instead?
> I'm using vsftpd with default settings in Fedora 20 + ftp client from
> krb5-appl-clients. vsftpd is linked to pam, gssapi_krb5, and more.
> /etc/pam.d/vsftpd looks like this:
>
> #%PAM-1.0
> session optional pam_keyinit.so force revoke
> auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
> auth required pam_shells.so
> auth include password-auth
> account include password-auth
> session required pam_loginuid.so
> session include password-auth
>
> Perhaps I need to change something in the pam file in order to allow sso?
>
> -- john
If you want SSO the ftp server should be configured to use GSSAPI and
not use PAM (or fail over to PAM if the client does not have a ticket). A
search of the man pages for vsftpd did not render such an option. I suspect
it is either undocumented or some other Kerberos-enabled ftp server
needs to be used.
Does krb-appl package provide one?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
