[Bug 869684] Re: 530 login incorrect error after upgrade

[Teppo Sulavuori]

I've been having this problem also for some time now. I did some more
testing with pam configuration and found out that there is something
broken(?) in using combination of pam_unix and pam_ldap with auth and
account management group types.

So this does NOT work (in file /etc/pam.d/vsftpd):
----------
account sufficient                      pam_unix.so
account sufficient                      pam_ldap.so               
account required                        pam_permit.so
 
auth    sufficient                      pam_unix.so
auth    sufficient                      pam_ldap.so use_first_pass
auth    required                        pam_permit.so
----------

BUT this DOES work (for both unix-only and ldap-only users, although now ldap has precedence of course):
---------
account sufficient                      pam_ldap.so               
account sufficient                      pam_unix.so
account required                        pam_permit.so
 
auth    sufficient                      pam_ldap.so
auth    sufficient                      pam_unix.so use_first_pass
auth    required                        pam_permit.so
---------

Additionally order of pam_unix and pam_ldap does not matter with session
and password types.

Also if you use pam_unix ONLY in either of account OR auth before
pam_ldap, then it also fails.

So something strange going on with pam_unix.so perhaps?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in Ubuntu.
https://bugs.launchpad.net/bugs/869684

Title:
  530 login incorrect error after upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/869684/+subscriptions