Pam and pure-ftpd in SL

[zacdurham@…]

If I'm not mistaken, pam_securityserver.so is depricated in SL. Using pam_opendirectory.so2 got pam support working for me in the port supplied /etc/pam.d/pure-ftpd/ entry.

Thanks everyone. Keep up the great work

[jmroot (Joshua Root)]

Please remember to cc the maintainer.

[scott@…]

I will follow up with the developer, and make sure this is accurate. If it is the case, I will make the appropriate changes to the Portfille. Thank you.

[scott@…]

Replying to zacdurham@…:

If I'm not mistaken, pam_securityserver.so is depricated in SL. Using pam_opendirectory.so2 got pam support working for me in the port supplied /etc/pam.d/pure-ftpd/ entry.

Do you have reference for this deprecation? If I look in /etc/pam.d a the OS X built in ftp server PAM settings, I see:

$cat ftpd 
# login: auth account password session
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

I do not see any mention anywhere of pam_opendirectory.so2, and this trac ticket is the only entry in google for the term "pam_opendirectory.so2"

[zacdurham@…]

Let me backtrack and rephrase my original submission.

The only OS X supplied shared object for opendirectory I can find is in fact "pam_opendirectory.so.2," not opendirectory.so2 as I mentioned previously. I am supposing that just using "pam_opendirectory.so" is sufficient for pam entries for using that object?

Maybe I should have chosen how I expressed this in the first place as I have no credible reference to back my suspicion of securityserver being "deprecated."

Thank you.

[scott@…]

Replying to zacdurham@…:

Let me backtrack and rephrase my original submission.

The only OS X supplied shared object for opendirectory I can find is in fact "pam_opendirectory.so.2," not opendirectory.so2 as I mentioned previously. I am supposing that just using "pam_opendirectory.so" is sufficient for pam entries for using that object?

Maybe I should have chosen how I expressed this in the first place as I have no credible reference to back my suspicion of securityserver being "deprecated."

I do not think that is what you are supposed to use, I have tested this here locally on 10.6, an simply followed these docs: ​http://download.pureftpd.org/pub/pure-ftpd/doc/README.MacOS-X

Can you revers your install and follow those instructions? Is that works for you do, I will add a note to the Portfile to make people moe aware that if they are looking to just replace the OS X server that is built in, then those are the instruction to follow.

[pixilla (Bradley Giesbrecht)]

Copying the Apple provided /etc/pam.d/ftpd to /etc/pam.d/pure-ftpd worked for me.

$ sudo cp /etc/pam.d/{ftpd,pure-ftpd}
$ cat /etc/pam.d/pure-ftpd 
# login: auth account password session
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

[pixilla (Bradley Giesbrecht)]

After looking further the pure-ftpd supplied sample works fine:

$ sudo cp -p /opt/local/share/doc/pure-ftpd/pure-ftpd.pam.10.6.sample /etc/pam.d/pure-ftpd