From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020301

Description of problem:
I tried setting userlist_deny=NO to have all users denied access to the vsFTPd
service except those listed in the /etc/vsftpd.user_list file. Although the ftp
login allowed me to enter only the user names from that list, all login attempts
failed to recognize valid passwords.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Open /etc/vsftpd.conf.
2.Set userlist_deny=NO
3.Restart daemon (/etc/init.d/vsftpd restart)
4. Try to ftp to server as any user in /etc/vsftpd.user_list.
	

Actual Results:  All login attempts fail.
Attempts to login as users not in the /etc/vsftpd.user_list file don't even get
a chance to enter a password.

Expected Results:  Valid user accounts in /etc/vsftpd.user_list should have been
allowed to login to the server. 

Additional info:

I added a regular user name to the /etc/vsftpd.user_list, just to make sure that
something else wasn't just blocking root and other admin passwords. Same result.
I also tried setting userlist_enable=NO to see if that helped (it's set to YES
in vsftpd.conf). The users listed in /etc/vsftpd.user_list still had their
passwords rejected. However, anonymous and real users were allowed in again.