From owner-freebsd-security  Tue Nov  7 15:14: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141])
	by hub.freebsd.org (Postfix) with ESMTP id EE6EC37B479
	for <security@freebsd.org>; Tue,  7 Nov 2000 15:14:01 -0800 (PST)
Received: from nwl.fw.uunet.co.za ([196.31.2.162])
	by lists01.iafrica.com with esmtp (Exim 3.12 #2)
	id 13tHw5-000234-00
	for security@freebsd.org; Wed, 08 Nov 2000 01:13:49 +0200
Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id BAA06279 for <security@freebsd.org>; Wed, 8 Nov 2000 01:12:43 +0200 (SAST)
Received: by nwl.fw.uunet.co.za via recvmail id 6257; Wed Nov  8 01:12:13 2000
Received: from bofh.fw.uunet.co.za (bofh.fw.uunet.co.za [172.16.3.35])
	by kg.fw.uunet.co.za (Postfix) with ESMTP id 2505E1AEBA
	for <security@freebsd.org>; Wed,  8 Nov 2000 01:12:13 +0200 (SAST)
Received: from localhost (localhost [127.0.0.1])
	by bofh.fw.uunet.co.za (Postfix) with ESMTP id C91A75C2C
	for <security@freebsd.org>; Wed,  8 Nov 2000 01:12:12 +0200 (SAST)
Date: Wed, 8 Nov 2000 01:11:23 +0200 (SAST)
From: Khetan Gajjar <khetan@uunet.co.za>
X-Sender: khetan@bofh.fw.uunet.co.za
To: security@freebsd.org
Subject: FreeBSD ftpd and PAM_Radius
Message-ID: <Pine.BSF.4.21.0011080058580.26148-100000@bofh.fw.uunet.co.za>
X-Cell: +27 82 416 0160
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

I'm trying to setup secure ftp access to a particular host,
where the users exist in a Radius database, and on the local
machine, but I want their Radius username/password to be
used to authenticate them, and I want them to effectively be
chrooted to a particular directory on the machine. I don't
want their system password to allow them ftp access,
and when they do ftp in I want them chrooted to one specific
directory.

I can't have them chrooted to their home directory, because that's
not the directory they should be chrooted to.

i.e anyone who ftp's into the box must have their ftp session
chrooted to one directory, and their system username/password
must not let them on, only their Radius password should let them
on.

I'm trying to do this with the pam_radius module, but I'm not sure
how to specify to which directory they should be chrooted to with
ftpd. I don't want to use proftpd or wu-ftpd due to the high 
incidence of problems found in the two programs over the last 18 months.

Does anyone have any ideas ?

Khetan Gajjar.
---
khetan@uunet.co.za	* Direct     -> +27 21 658 8723 
UUNET South Africa	* Mobile     -> +27 82 416 0105
http://www.uunet.co.za	* Info Centre-> 08600 UUNET (88638)
System Administration   * PGP Key    -> kg+details@uunet.co.za



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message