Bug 191147 - after FC4 upgrade to FC5 vsftpd does not handle login properly.
after FC4 upgrade to FC5 vsftpd does not handle login properly.
Product: Fedora
Classification: Fedora
Component: vsftpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Radek Vokal
Mike McLean
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2006-05-09 04:12 EDT by Karlis Kisis
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 2.0.5-1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-12 09:37:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Karlis Kisis 2006-05-09 04:12:44 EDT
Description of problem:

I was using vsftpd on Fedora Core 4 (vsftpd-2.0.3-1.i386.rpm) and I configured
it with no anonymous access, however, Internet Explorer gave a login prompt
whenever I opened ftp://myserver in the browser and that was convenient way for
my users to enter username and password. So the result was: no anonymous access,
but IE prompted for username and password. When I upgraded to Fedore Core 5
(vsftpd-2.0.4-1.2.i386.rpm) this feature/tweak does not work anymore and I don't
get login prompt.

Fedora Core 4 vs Fedora Core 5. On FC4 all works fine.. when IE connects as
anonymous and is denied, a login prompt for username and password pops up. On
any FC5 it does not. I'm lost. maybe because pam.d config has changed a bit?

Here is my vsftpd config identical on all machines:
(the rest is default)

Pam config on FC4:
auth       required     pam_listfile.so item=user sense=allow
file=/etc/vsftpd/ftpusers onerr=fail
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

Pam config on FC5:
auth       required     pam_listfile.so item=user sense=allow
file=/etc/vsftpd/ftpusers onerr=fail
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

Best regards,

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Radek Vokal 2006-05-09 04:19:45 EDT
Is SELinux turned on? If so, you have to allow anonymous connections. 
Comment 2 Karlis Kisis 2006-05-09 04:25:31 EDT
SELinux is disabled. Anonymous works if enabled in vsftpd.conf but thats not the
issue. The issue is that browsers after receiving denial for anonymous login do
not prompt for username and password as before. 
Comment 3 Radek Vokal 2006-05-11 04:43:04 EDT
Aha, my first answer was too quick, sorry for that. The change you mention
happened with vsftpd 2.0.4 (see the very first line in ChangeLog). I don't know
the exact background of this change, you might want to ask upstream maintainer,
but I personally like this solution. It respects the way command line ftp client
is working, eg. it the old version, you've never seen the result why anonymous
login was rejected. Now the correct error message 530 defined by FTP protocol is
shown up. There might be a solution for this, new configuration option. I'll
store this bug as enhacement and look at it later on... 
Comment 4 Radek Vokal 2006-07-12 09:37:06 EDT
Can you please retest this bug against vsftpd-2.0.5. According to 2.0.5
Changelog it should be fixed now (
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/Changelog )

Note You need to log in before you can comment on or make changes to this bug.