Re: Ftpd problem

From: Peter Pentchev (roam@ringlet.net)
Date: 08/06/01

Next message: Empresas: "Base de Datos - 1.000 Empresas"
Previous message: Mike: "Ftpd problem"
In reply to: Mike: "Ftpd problem"
Next in thread: Vladimir: "Re: FreeBSD Security Advisory FreeBSD-SA-01:51.openssl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 6 Aug 2001 04:52:14 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Mike <wacky@blinx.net>

On Sun, Aug 05, 2001 at 09:06:37PM -0400, Mike wrote:
> Hi, I'm running FreeBSD 4.3-STABLE as a web server. Recently we have been
> having a problem with ftpd. The user trys to login and when it asks for a
> password it says login incorrect. The /etc/shells are correct with his
> account and he is not listed in /etc/ftpusers. But he can also login via
> ssh2. But if root changes his password then it will work. It's only after
> the user changes his password after a certain amount of days. I do not see
> anything in /etc/login.conf that could be causing this problem. Does anybody
> know what might be?. I am e-mailing this because I believe its security
> related.

Try adding a line saying 'crypt_default = des' to the /etc/auth.conf file.
You might then need to rebuild libcrypt, I'm still not sure why this
is so, but from a little non-authoritative experience on 3-4 machines
it seems that libcrypt understands that crypt_default=des only after
it is *built* while /etc/auth.conf has a crypt_default=des line.
This makes next to no sense to me, but this is the way I got it to
work on three machines here.

So..

# echo 'crypt_default = des' >> /etc/auth.conf
# cd /usr/src/lib/libcrypt
# make cleandir
# make depend
# make all install
# make cleandir

Another workaround would be to have all your users tell you their
passwords, so you can convert them to MD5.. but that would be kind
of stupid :)

G'luck,
Peter

-- 
If this sentence didn't exist, somebody would have invented it.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Empresas: "Base de Datos - 1.000 Empresas"
Previous message: Mike: "Ftpd problem"
In reply to: Mike: "Ftpd problem"
Next in thread: Vladimir: "Re: FreeBSD Security Advisory FreeBSD-SA-01:51.openssl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

WinXP laptop, simple-style login conn to Win2000 share, error
... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ...
(microsoft.public.windowsxp.security_admin)
Re: Account Logon Time Restriction
... I will have to expose my ignorance here. ... workstation from which the login originates. ... this recognizable as one of your machines? ... account's likely logged-into workstation, check if ...
(microsoft.public.win2000.security)
Re: Account Logon Time Restriction
... attempt to see what all it can access via network shares. ... workstation from which the login originates. ... this recognizable as one of your machines? ... account's likely logged-into workstation, check if ...
(microsoft.public.win2000.security)
Re: Safe way to rsync a homedir on login?
... windows machines to our couple of linux machines (rather than mount ... sure the ownership is right. ... the biggest issue is the time taken to login if all these ... on the desktop, which also happens, I wrote an rsync script that is ...
(Ubuntu)
ksh and hpux 10.20 woes
... My environment is pure NIS with the HP 10.20 machines acting as clients. ... machines when the user has /bin/ksh as the login shell leads to a hang. ... is commented out in my .profile, ... Jerry Heyman 919.224.1442 | IBM SWG/Tivoli Software|"Software is the ...
(comp.sys.hp.hpux)