login class help

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

login class help

Matthew S Elmore
Greetings misc@,

I am having an unusual problem attempting to setup ftp-chroot for users
via login.conf(5).

I have added (what I believe to be) the proper declarations for the
desired login class, as well as the default class.

 From what I understand, ftpd(8) has login class support enabled by default.

So... this should be working... but it doesn't appear to be.

Attached below are my login.conf and dmesg... I would appreciate any
insight.

Thanks
Matt

# grep ftp /etc/inetd.conf

ftp             stream  tcp     nowait  root    /usr/libexec/ftpd
ftpd -4USnl
-----------
# cat /etc/login.conf

# $OpenBSD: login.conf.in,v 1.1 2005/08/15 00:40:17 millert Exp $

#
# Sample login.conf file.  See login.conf(5) for details.
#

#
# Standard authentication styles:
#
# krb5-or-pwd   First try Kerberos V password, then local password file
# passwd        Use only the local password file
# krb5          Use only the Kerberos V password
# chpass        Do not authenticate, but change users password (change
#               the YP password if the user has one, else change the
#               local password)
# lchpass       Do not login; change user's local password instead
# radius        Use radius authentication
# skey          Use S/Key authentication
# activ         ActivCard X9.9 token authentication
# crypto        CRYPTOCard X9.9 token authentication
# snk           Digital Pathways SecureNet Key authentication
# token         Generic X9.9 token authentication
#

# Default allowed authentication styles
#auth-defaults:auth=passwd,skey:
auth-defaults:auth=passwd:

# Default allowed authentication styles for authentication type ftp
auth-ftp-defaults:auth-ftp=passwd:

#
# The default values
# To alter the default authentication types change the line:
#       :tc=auth-defaults:\
# to be read something like: (enables passwd, "myauth", and activ)
#       :auth=passwd,myauth,activ:\
# Any value changed in the daemon class should be reset in default
# class.
#
default:\
         :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin:\
         :umask=022:\
         :datasize-max=512M:\
         :datasize-cur=512M:\
         :maxproc-max=128:\
         :maxproc-cur=64:\
         :openfiles-cur=64:\
         :stacksize-cur=4M:\
         :localcipher=blowfish,6:\
         :ypcipher=old:\
         :tc=auth-defaults:\
         :tc=auth-ftp-defaults:\
         :ftp-chroot:

#
# Settings used by /etc/rc and root
# This must be set properly for daemons started as root by inetd as well.
# Be sure reset these values back to system defaults in the default class!
#
daemon:\
         :ignorenologin:\
         :datasize=infinity:\
         :maxproc=infinity:\
         :openfiles-cur=128:\
         :stacksize-cur=8M:\
         :localcipher=blowfish,8:\
         :tc=default:

#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
         :datasize-cur=512M:\
         :datasize-max=infinity:\
         :maxproc-max=256:\
         :maxproc-cur=128:\
         :ignorenologin:\
         :requirehome@:\
         :tc=default:

user:\
         :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin:\
         :umask=022:\
         :datasize-max=512M:\
         :datasize-cur=512M:\
         :maxproc-max=128:\
         :maxproc-cur=64:\
         :openfiles-cur=64:\
         :stacksize-cur=4M:\
         :localcipher=blowfish,6:\
         :ypcipher=old:\
         :tc=auth-defaults:\
         :tc=auth-ftp-defaults:\
         :ftp-chroot:

netdial:\
         :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin:\
         :umask=022:\
         :datasize-max=512M:\
         :datasize-cur=512M:\
         :maxproc-max=128:\
         :maxproc-cur=64:\
         :openfiles-cur=64:\
         :stacksize-cur=4M:\
         :localcipher=blowfish,6:\
         :ypcipher=old:\
         :tc=auth-defaults:\
         :tc=auth-ftp-defaults:\
         :ftp-chroot:
---
OpenBSD 3.8-stable (xxx) #1: Tue Jan 24 16:08:05 CST 2006
     root@xxx:/usr/obj/xxx
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID
real mem  = 1072193536 (1047064K)
avail mem = 971747328 (948972K)
using 4278 buffers containing 53710848 bytes (52452K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(91) BIOS, date 03/09/05, BIOS32 rev. 0 @ 0xfb790
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xdf64
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde60/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 7 9 10 11 12
pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x25a1
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x2200
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82875P AGP" rev 0x02
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 "Intel 82875P PCI-CSA" rev 0x02
pci2 at ppb1 bus 2
em0 at pci2 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00: irq
10, address: 00:30:48:82:95:02
ppb2 at pci0 dev 28 function 0 "Intel 6300ESB PCIX" rev 0x02
pci3 at ppb2 bus 3
ami0 at pci3 dev 1 function 0 "Symbios Logic MegaRAID" rev 0x01: irq 9
LSI 523 64b/lhc
ami0: FW 713N, BIOS vG119, 64MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: <AMI, Host drive #00, > SCSI2 0/direct fixed
sd0: 152623MB, 19456 cyl, 255 head, 63 sec, 512 bytes/sec, 312571904 sec
total
scsibus1 at ami0: 16 targets
vendor "Marvell", unknown product 0x5041 (class mass storage subclass
RAID, rev 0x00) at pci3 dev 4 function 0 not configured
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x0a
pci4 at ppb3 bus 4
trm0 at pci4 dev 2 function 0 "Tekram DC-3x5U" rev 0x01: irq 11
scsibus2 at trm0: 8 targets
trm0: target 1 using 8 bit 10.0 MHz, Offset 15 data transfers
st0 at scsibus2 targ 1 lun 0: <ARCHIVE, Python 04106-XXX, 7550> SCSI2
1/sequential removable
st0: drive empty or not ready
vga1 at pci4 dev 9 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em1 at pci4 dev 10 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00: irq
5, address: 00:30:48:82:95:03
ichpcib0 at pci0 dev 31 function 0 "Intel 6300ESB LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 6300ESB IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0: <LITE-ON, DVD SOHD-16P9SV, F$01> SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 6300ESB SATA" rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: couldn't map channel 0 cmd regs
pciide1: couldn't map channel 1 cmd regs
"Intel 6300ESB SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
sysbeep0 at pcppi0
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fbc5 netmask ffe5 ttymask ffe7
pctr: user-level cycle counter enabled
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02