proftpd/vsftpd + LDAP
Łukasz Jagiełło
jagiello.lukasz at gmail.com
Thu May 27 09:13:52 UTC 2010
Hi,
I'm using LDAP to authenticate users for the FTP service. I want to create
a configuration where everyone who connects needs to be in LDAP
but can use any password (for developers who don't want to leave their own
password in code). That's done in PAM and it's working. The problem is when
I try to auto-create homedirs for FTP in a different location than the LDAP
homeDirectory. For example:
user: user1
password: any_password_he_likes
homeDirectory: /home/user1
Now I want the user, when connecting, to use the directory '/somedir/ftp/user1' (not
/home/user1), and to autocreate it if it doesn't exist.
Proftpd has native LDAP support for connections, and there are the options
'LDAPForceGeneratedHomedir' and 'LDAPGenerateHomedirPrefix', but it's
likely impossible to allow a user to connect without a password check (any
password is correct).
My PAM configuration for proftpd/vsftpd:
#v+
# cat /etc/pam.d/proftpd
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_shells.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_env.so
session required pam_stack.so service=system-auth
#v-
I tried pam_env with:
#v+
# tail /etc/security/pam_env.conf
#
# silly examples of escaped variables, just to show how they work.
#
#DOLLAR DEFAULT=\$
#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
#ATSIGN DEFAULT="" OVERRIDE=\@
HOME DEFAULT="/d0/ftp/@{PAM_USER}" OVERRIDE="/d0/ftp/@{PAM_USER}"
homeDirectory DEFAULT="/d0/ftp/@{PAM_USER}" OVERRIDE="/d0/ftp/@{PAM_USER}"
#v-
But it didn't override HOME.
Regards
--
Łukasz Jagiełło
lukasz<at>jagiello<dot>org