On Sun, Aug 05, 2001 at 09:06:37PM -0400, Mike wrote:
> Hi, I'm running FreeBSD 4.3-STABLE as a web server. Recently we have been
> having a problem with ftpd. The user trys to login and when it asks for a
> password it says login incorrect. The /etc/shells are correct with his
> account and he is not listed in /etc/ftpusers. But he can also login via
> ssh2. But if root changes his password then it will work. It's only after
> the user changes his password after a certain amount of days. I do not see
> anything in /etc/login.conf that could be causing this problem. Does anybody
> know what might be?. I am e-mailing this because I believe its security
> related.

Try adding a line saying 'crypt_default = des' to the /etc/auth.conf file.
You might then need to rebuild libcrypt, I'm still not sure why this
is so, but from a little non-authoritative experience on 3-4 machines
it seems that libcrypt understands that crypt_default=des only after
it is *built* while /etc/auth.conf has a crypt_default=des line.
This makes next to no sense to me, but this is the way I got it to
work on three machines here.

So..

# echo 'crypt_default = des' >> /etc/auth.conf
# cd /usr/src/lib/libcrypt
# make cleandir
# make depend
# make all install
# make cleandir

Another workaround would be to have all your users tell you their
passwords, so you can convert them to MD5.. but that would be kind
of stupid :)

G'luck,
Peter

-- 
If this sentence didn't exist, somebody would have invented it.
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]