blob: a94447338366ee4a0e7afa1b51638dc741c8a6c4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
<!--
$Id$
This file was written by Andrew G. Morgan <morgan@kernel.org>
-->
<sect1>Anonymous access module
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt/pam_ftp.so/
<tag><bf>Author:</bf></tag>
Andrew G. Morgan <morgan@kernel.org>
<tag><bf>Maintainer:</bf></tag>
Author.
<tag><bf>Management groups provided:</bf></tag>
authentication
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
<tag><bf>Network aware:</bf></tag>
prompts for email address of user; easily spoofed (XXX - needs work)
</descrip>
<sect2>Overview of module
<p>
The purpose of this module is to provide a pluggable anonymous ftp
mode of access.
<sect2>Authentication component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/;
<tt/users=XXX,YYY,.../;
<tt/ignore/
<tag><bf>Description:</bf></tag>
This module intercepts the user's name and password. If the name is
``<tt/ftp/'' or ``<tt/anonymous/'', the user's password is broken up
at the `<tt/@/' delimiter into a <tt/PAM_RUSER/ and a <tt/PAM_RHOST/
part; these pam-items being set accordingly. The username
(<tt/PAM_USER/) is set to ``<tt/ftp/''. In this case the module
succeeds. Alternatively, the module sets the <tt/PAM_AUTHTOK/ item
with the entered password and fails.
<p>
The behavior of the module can be modified with the following flags:
<itemize>
<item><tt/debug/ -
log more information to with <tt/syslog(3)/.
<item><tt/users=XXX,YYY,.../ -
instead of ``<tt/ftp/'' or ``<tt/anonymous/'', provide anonymous login
to the comma separated list of users; ``<tt/XXX,YYY,.../''. Should the
applicant enter one of these usernames the returned username is set to
the first in the list; ``<tt/XXX/''.
<item><tt/ignore/ -
pay no attention to the email address of the user (if supplied).
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
An example of the use of this module is provided in the configuration
file section <ref id="configuration" name="above">. With care, this
module could be used to provide new/temporary account anonymous
login.
</descrip>
<!--
End of sgml insert for this module.
-->
|
