Description of problem: I was using vsftpd on Fedora Core 4 (vsftpd-2.0.3-1.i386.rpm) and I configured it with no anonymous access, however, Internet Explorer gave a login prompt whenever I opened ftp://myserver in the browser and that was convenient way for my users to enter username and password. So the result was: no anonymous access, but IE prompted for username and password. When I upgraded to Fedore Core 5 (vsftpd-2.0.4-1.2.i386.rpm) this feature/tweak does not work anymore and I don't get login prompt. Fedora Core 4 vs Fedora Core 5. On FC4 all works fine.. when IE connects as anonymous and is denied, a login prompt for username and password pops up. On any FC5 it does not. I'm lost. maybe because pam.d config has changed a bit? Here is my vsftpd config identical on all machines: anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES chroot_local_user=YES pam_service_name=vsftpd userlist_enable=YES listen=YES tcp_wrappers=YES (the rest is default) Pam config on FC4: #%PAM-1.0 auth required pam_listfile.so item=user sense=allow file=/etc/vsftpd/ftpusers onerr=fail auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth Pam config on FC5: #%PAM-1.0 auth required pam_listfile.so item=user sense=allow file=/etc/vsftpd/ftpusers onerr=fail auth required pam_shells.so auth include system-auth account include system-auth session include system-auth session required pam_loginuid.so Best regards, Piccolo Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Is SELinux turned on? If so, you have to allow anonymous connections.
SELinux is disabled. Anonymous works if enabled in vsftpd.conf but thats not the issue. The issue is that browsers after receiving denial for anonymous login do not prompt for username and password as before.
Aha, my first answer was too quick, sorry for that. The change you mention happened with vsftpd 2.0.4 (see the very first line in ChangeLog). I don't know the exact background of this change, you might want to ask upstream maintainer, but I personally like this solution. It respects the way command line ftp client is working, eg. it the old version, you've never seen the result why anonymous login was rejected. Now the correct error message 530 defined by FTP protocol is shown up. There might be a solution for this, new configuration option. I'll store this bug as enhacement and look at it later on...
Can you please retest this bug against vsftpd-2.0.5. According to 2.0.5 Changelog it should be fixed now ( ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/Changelog )