Re: Ftpd problem

From: Peter Pentchev (roam@ringlet.net)
Date: 08/06/01


Date: Mon, 6 Aug 2001 04:52:14 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Mike <wacky@blinx.net>

On Sun, Aug 05, 2001 at 09:06:37PM -0400, Mike wrote:
> Hi, I'm running FreeBSD 4.3-STABLE as a web server. Recently we have been
> having a problem with ftpd. The user trys to login and when it asks for a
> password it says login incorrect. The /etc/shells are correct with his
> account and he is not listed in /etc/ftpusers. But he can also login via
> ssh2. But if root changes his password then it will work. It's only after
> the user changes his password after a certain amount of days. I do not see
> anything in /etc/login.conf that could be causing this problem. Does anybody
> know what might be?. I am e-mailing this because I believe its security
> related.

Try adding a line saying 'crypt_default = des' to the /etc/auth.conf file.
You might then need to rebuild libcrypt, I'm still not sure why this
is so, but from a little non-authoritative experience on 3-4 machines
it seems that libcrypt understands that crypt_default=des only after
it is *built* while /etc/auth.conf has a crypt_default=des line.
This makes next to no sense to me, but this is the way I got it to
work on three machines here.

So..

# echo 'crypt_default = des' >> /etc/auth.conf
# cd /usr/src/lib/libcrypt
# make cleandir
# make depend
# make all install
# make cleandir

Another workaround would be to have all your users tell you their
passwords, so you can convert them to MD5.. but that would be kind
of stupid :)

G'luck,
Peter

-- 
If this sentence didn't exist, somebody would have invented it.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • WinXP laptop, simple-style login conn to Win2000 share, error
    ... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Account Logon Time Restriction
    ... I will have to expose my ignorance here. ... workstation from which the login originates. ... this recognizable as one of your machines? ... account's likely logged-into workstation, check if ...
    (microsoft.public.win2000.security)
  • Re: Account Logon Time Restriction
    ... attempt to see what all it can access via network shares. ... workstation from which the login originates. ... this recognizable as one of your machines? ... account's likely logged-into workstation, check if ...
    (microsoft.public.win2000.security)
  • Re: Safe way to rsync a homedir on login?
    ... windows machines to our couple of linux machines (rather than mount ... sure the ownership is right. ... the biggest issue is the time taken to login if all these ... on the desktop, which also happens, I wrote an rsync script that is ...
    (Ubuntu)
  • Re: Domain Controller Stops Processing All Login Requests Randomly
    ... >> machines simultaneously that are Deep Freeze clients. ... the server exhibited the same behaviour. ... The wierd thing is that I was able to login to the DC ... >>> Accelerated MCSE ...
    (microsoft.public.windows.server.dns)