[OpenAFS] AFS FTP Permissions

John Bleichert John Bleichert <syborg@stny.rr.com>
Mon, 18 Mar 2002 15:52:47 -0500 (EST)

I use the linux port of the openbsd ftp server. It authenticates with AFS 
via a PAM module. All you need to do is create a proper 'ftp' file in 


so that ftp can authenticate. Something like:

[syborg@janeway syborg]$ cat /etc/pam.d/ftp 
auth       required     /lib/security/pam_listfile.so item=user sense=deny 
file=/etc/ftpusers onerr=succeed
auth       sufficient   /lib/security/pam_afs.so try_first_pass 
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_shells.so
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

This method also works fine for ssh1 access ;-)

> Date: Mon, 18 Mar 2002 13:13:36 -0500 (EST)
> From: Derrick J Brashear <shadow@dementia.org>
> To: openafs <openafs-info@openafs.org>
> Subject: Re: [OpenAFS] AFS FTP Permissions
> On Mon, 18 Mar 2002, Michael Aldrich wrote:
> > I can connect to the server via FTP, and also send/receive files from/to my
> > local computer. I get a 'Permission Denied' error when I try to put a new
> > file in any directory under /afs.
> you don't have tokens, so you can't write into afs. if you use the ftpd
> with afs, it has serious problems, but it will get tokens. still, i
> recommend you instead use the ftpd that comes with kth-krb, or with
> heimdal; they get tokens but are modern and if used with a useful client
> will do useful authentication
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

|-John Bleichert----syborg@stny.rr.com----------------|