From owner-freebsd-security Sun Aug 5 18:53:27 2001
Date: Mon, 6 Aug 2001 04:52:14 +0300
From: Peter Pentchev
To: Mike
Cc: FreeBSD-SECURITY
Subject: Re: Ftpd problem
Message-ID: <20010806045214.D586@ringworld.oblivion.bg>
References: <20010730192031.M59043-100000@epsilon.lucida.ca> <003d01c11e14$0b90c220$0700a8c0@com.home.com>
In-Reply-To: <003d01c11e14$0b90c220$0700a8c0@com.home.com>; from wacky@blinx.net on Sun, Aug 05, 2001 at 09:06:37PM -0400

On Sun, Aug 05, 2001 at 09:06:37PM -0400, Mike wrote:
> Hi, I'm running FreeBSD 4.3-STABLE as a web server. Recently we have been
> having a problem with ftpd. The user tries to login and when it asks for a
> password it says login incorrect. The /etc/shells are correct with his
> account and he is not listed in /etc/ftpusers. But he can also login via
> ssh2. But if root changes his password then it will work. It's only after
> the user changes his password after a certain amount of days. I do not see
> anything in /etc/login.conf that could be causing this problem. Does anybody
> know what might be? I am e-mailing this because I believe it's security
> related.

Try adding a line saying 'crypt_default = des' to the /etc/auth.conf file.
You might then need to rebuild libcrypt, I'm still not sure why this
is so, but from a little non-authoritative experience on 3-4 machines
it seems that libcrypt understands that crypt_default=des only after
it is *built* while /etc/auth.conf has a crypt_default=des line.
This makes next to no sense to me, but this is the way I got it to work
on three machines here.

So..

  # echo 'crypt_default = des' >> /etc/auth.conf
  # cd /usr/src/lib/libcrypt
  # make cleandir
  # make depend
  # make all install
  # make cleandir

Another workaround would be to have all your users tell you their
passwords, so you can convert them to MD5.. but that would be
kind of stupid :)

G'luck,
Peter

-- 
If this sentence didn't exist, somebody would have invented it.
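An added example, not part of the original message and not FreeBSD's own tooling: the reply treats the problem as a DES/MD5 hash-format issue, so this sketch classifies the password field of master.passwd-format lines by crypt(3) scheme and lists the accounts that do not use an expected scheme. The function names and the sample accounts and hashes are constructed for illustration; on a real system the input would be /etc/master.passwd, read as root.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# Print "login scheme" for each master.passwd-format line (file args or stdin).
classify_hashes() {
    cat "$@" | awk -F: '
    /^#/ || NF < 2 { next }                  # skip comments and malformed lines
    {
        h = $2; c = substr(h, 1, 1)
        b64 = "^[./0-9A-Za-z]+$"             # crypt(3) base-64 alphabet
        if (h == "")                         s = "empty"
        else if (c == "*")                   s = "locked"
        else if (substr(h, 1, 3) == "$1$")   s = "md5"
        else if (substr(h, 1, 2) == "$2")    s = "blowfish"
        else if (length(h) == 13 && h ~ b64) s = "des"
        else if (c == "_" && length(h) == 20 && substr(h, 2) ~ b64) s = "des-extended"
        else                                 s = "unknown"
        print $1, s
    }'
}

# Print logins whose hash is not in the wanted scheme (locked accounts ignored).
not_scheme() {
    want=$1; shift
    classify_hashes "$@" | awk -v want="$want" '$2 != want && $2 != "locked" { print $1 }'
}

# Constructed sample in master.passwd layout; the hashes are placeholders.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not real accounts
root:$1$CONSTRUC$XXXXXXXXXXXXXXXXXXXXXX:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abCdEfGhIjKlM:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$CONSTRUC$YYYYYYYYYYYYYYYYYYYYYY:1002:1002::0:0:Bob:/home/bob:/bin/sh
EOF
}

sample_master_passwd | classify_hashes
echo "accounts not using des:" $(sample_master_passwd | not_scheme des)
```

Running `not_scheme des /etc/master.passwd` before and after a user changes their password shows whether the change moved the account to a different scheme.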