Re: ProFTP security


Subject: Re: ProFTP security
schinder@pobox.com
Date: Thu Sep 30 1999 - 06:24:44 MDT


On Wed, Sep 29, 1999 at 11:30:19PM -0400, Jason Stanford wrote:
} I don't know anything about PAM (but am anxious to learn!), but to
} get BSD ftpd working, I simply copied my /etc/pam.d/ssh to
} /etc/pam.d/ftp and things work. (The ssh pam file was "stock" from
} running Dan's install-ssh script if that makes any difference.)
} Basically, are things fine if that works ok? Or do I need to
} carefully consider *exactly* what goes into that pam file? Any help
} would be greatly appreciated.

One thing you might consider is a one-time password system. Unlike ssh,
ftp (and telnet and rlogin...) sends passwords in cleartext, which
means they can be sniffed. A one-time password system ensures that
even if the password is sniffed, it's useless to the sniffer. I built
the OPIE PAM module from source with no difficulty, and am using it
with telnet. I haven't tried it with ftp yet because I've been
turning PAM off with wu-ftpd and turning on wu-ftpd's built-in s/key
support.

} Also, any good docs out there on what pam is, what it does, how to
} use it, program it, etc? Thanks.

Look in /usr/doc. There's also a Linux-PAM website:
<http://www.us.kernel.org/pub/linux/libs/pam/index.html>.

-- 
Paul Schinder
schinder@pobox.com
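
Added example, not part of the original message: a simplified sketch of the hash-chain idea behind S/Key and OPIE, showing why a one-time password captured on the wire is rejected when replayed. It assumes SHA-256 in place of the hashes those systems use and omits their output folding and word encoding; the class, function names, seed and passphrase are constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Hash seed+secret once, then n more times (the n-th one-time password)."""
    value = h(seed + secret)
    for _ in range(n):
        value = h(value)
    return value

class OtpServer:
    """Stores only the last accepted value of the chain, never the secret."""
    def __init__(self, seed: bytes, count: int, verifier: bytes):
        self.seed = seed
        self.count = count        # index of the value currently stored
        self.verifier = verifier  # chain(secret, seed, count)

    def challenge(self):
        # Ask the user for the value one step earlier in the chain.
        return self.count - 1, self.seed

    def login(self, response: bytes) -> bool:
        if self.count <= 0:
            return False          # chain exhausted, user must re-initialise
        if not hmac.compare_digest(h(response), self.verifier):
            return False
        # Accept, then move down the chain so this response never works again.
        self.verifier = response
        self.count -= 1
        return True

def demo():
    secret, seed = b"constructed passphrase", b"ke4321"  # constructed values
    server = OtpServer(seed, 5, chain(secret, seed, 5))
    n, s = server.challenge()
    sent_in_cleartext = chain(secret, s, n)    # what a sniffer would capture
    first = server.login(sent_in_cleartext)    # legitimate login
    replay = server.login(sent_in_cleartext)   # sniffer replays the capture
    n2, s2 = server.challenge()
    second = server.login(chain(secret, s2, n2))  # next legitimate login
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```

The captured value only lets its holder compute later (already used) chain entries; producing the next accepted one would require inverting the hash.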


