Various nuggets of useful technical information.

Thursday, June 19, 2008

PAM workaround for Squirrelmail

I had to fiddle with this to get the auto-vacation working for local users.

Squirrelmail's option vacation_local uses the (vs)ftp backend and, since
vsftpd uses PAM to authenticate local FTP logins, there was a problem where
it was not allowing local users who did not have a shell to log in. One
solution was granting them a shell, which is tedious and a massive security
hole.

So I found that for every service that uses PAM, there is a corresponding
file/module in /etc/pam.d.

For /etc/pam.d/vsftpd I found there is an entry:

    auth required pam_shells.so

(This suggested to me that vsftpd's PAM REQUIRES users to have a login
shell.)

...which was absent in /etc/pam.d/dovecot (a service that makes no
distinction in authenticating between users who have a shell and those who
don't).

So I commented out that line, restarted vsftpd and voila, local users with
no shell could log in and the vacation message option was working for them.
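
To see which accounts the pam_shells line affects before and after commenting it out, here is an added example (not code from the original post). It relies on the fact that pam_shells accepts a user only when the account's shell is listed in /etc/shells; the function names and all file contents are constructed for illustration.

```python
# Added example. All file contents below are constructed samples.

def auth_modules(pam_conf):
    """Names on active (uncommented) 'auth' lines of a pam.d service file.
    'include'/'substack' targets are returned as-is and not followed."""
    mods = []
    for line in pam_conf.splitlines():
        fields = line.split("#", 1)[0].split()   # '#' starts a comment
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        i = 1
        if fields[i].startswith("["):   # e.g. [success=1 default=ignore]
            while i < len(fields) and not fields[i].endswith("]"):
                i += 1
        if i + 1 < len(fields):
            mods.append(fields[i + 1])
    return mods

def valid_shells(shells_file):
    """Shell paths listed in /etc/shells, ignoring blanks and comments."""
    return {l.strip() for l in shells_file.splitlines()
            if l.strip() and not l.lstrip().startswith("#")}

def locked_out(service_conf, passwd, shells_file):
    """Users that pam_shells would reject for this service."""
    if "pam_shells.so" not in auth_modules(service_conf):
        return []                        # check not active for this service
    ok = valid_shells(shells_file)
    users = []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) != 7:
            continue
        shell = f[6] or "/bin/sh"        # empty shell field means /bin/sh
        if shell not in ok:
            users.append(f[0])
    return users

VSFTPD_PAM = "auth required pam_shells.so\nauth required pam_unix.so\n"
DOVECOT_PAM = "auth required pam_unix.so\n"
PASSWD = ("alice:x:1000:1000::/home/alice:/bin/bash\n"
          "mailonly:x:1001:1001::/home/mailonly:/sbin/nologin\n")
SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n"

if __name__ == "__main__":
    print("vsftpd rejects:", locked_out(VSFTPD_PAM, PASSWD, SHELLS))
    print("dovecot rejects:", locked_out(DOVECOT_PAM, PASSWD, SHELLS))
```

With the sample data, the account whose shell is /sbin/nologin is rejected for vsftpd but not for dovecot; it also passes once that shell path appears in /etc/shells, which leaves the pam_shells line in place.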

