- more accurate comments on PAM configuration; system-auth for session with

[packages/proftpd.git] / ftp.pamd

diff --git a/ftp.pamd b/ftp.pamd
index 699249533cca1f783f2f551d14b370117cfa3ce7..53c7399fb339bc85509fb092782afb6739c9e2c0 100644 (file)
--- a/ftp.pamd
+++ b/ftp.pamd
@@ -1,10 +1,14 @@
 #%PAM-1.0
-auth           required        pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
+auth           required        pam_listfile.so item=user sense=deny file=/etc/ftpd/ftpusers onerr=succeed
 auth           required        pam_listfile.so item=user sense=deny file=/etc/security/blacklist.ftp onerr=succeed
-auth           required        pam_unix.so
-auth           required        pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
-auth           required        pam_shells.so
-auth           required        pam_nologin.so
-account                required        pam_tally.so file=/var/log/faillog onerr=succeed
-account                required        pam_unix.so
+#auth          required        pam_shells.so
+auth           include         system-auth
+# above line in chroot()ed environment (when using DefaultRoot) causes:
+#      pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
+#      pam_tally(ftp:setcred): pam_get_uid; no such user
+# only with pam_unix in session component
+account                required        pam_nologin.so
+account                include         system-auth
+session                required        pam_limits.so
 session                required        pam_unix.so
+# on logout: PAM audit_log_acct_message() failed: Operation not permitted