<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id="pam_ftp">
<refmeta>
<refentrytitle>pam_ftp</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_ftp-name">
<refname>pam_ftp</refname>
<refpurpose>PAM module for anonymous access module</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id="pam_ftp-cmdsynopsis">
<command>pam_ftp.so</command>
<arg choice="opt">
debug
</arg>
<arg choice="opt">
ignore
</arg>
<arg choice="opt" rep='repeat'>
users=<replaceable>XXX,YYY,</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_ftp-description">
<title>DESCRIPTION</title>
<para>
pam_ftp is a PAM module which provides a pluggable
anonymous ftp mode of access.
</para>
<para>
This module intercepts the user's name and password. If the name is
<emphasis>ftp</emphasis> or <emphasis>anonymous</emphasis>, the
user's password is broken up at the <emphasis>@</emphasis> delimiter
into a <emphasis>PAM_RUSER</emphasis> and a
<emphasis>PAM_RHOST</emphasis> part; these pam-items being set
accordingly. The username (<emphasis>PAM_USER</emphasis>) is set
to <emphasis>ftp</emphasis>. In this case the module succeeds.
Alternatively, the module sets the <emphasis>PAM_AUTHTOK</emphasis>
item with the entered password and fails.
</para>
<para>
This module is not safe and easily spoofable.
</para>
</refsect1>
<refsect1 id="pam_ftp-options">
<title>OPTIONS</title>
<para>
<variablelist>
<varlistentry>
<term>
<option>debug</option>
</term>
<listitem>
<para>
Print debug information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>ignore</option>
</term>
<listitem>
<para>
Pay no attention to the email address of the user
(if supplied).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>ftp=<replaceable>XXX,YYY,...</replaceable></option>
</term>
<listitem>
<para>
Instead of <emphasis>ftp</emphasis> or
<emphasis>anonymous</emphasis>, provide anonymous login
to the comma separated list of users:
<option><replaceable>XXX,YYY,...</replaceable></option>.
Should the applicant enter
one of these usernames the returned username is set to
the first in the list: <emphasis>XXX</emphasis>.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id="pam_ftp-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>auth</option> module type is provided.
</para>
</refsect1>
<refsect1 id='pam_ftp-return_values'>
<title>RETURN VALUES</title>
<para>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The authentication was successful.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User not known.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='pam_ftp-examples'>
<title>EXAMPLES</title>
<para>
Add the following line to <filename>/etc/pam.d/ftpd</filename> to
handle ftp style anonymous login:
<programlisting>
#
# ftpd; add ftp-specifics. These lines enable anonymous ftp over
# standard UN*X access (the listfile entry blocks access to
# users listed in /etc/ftpusers)
#
auth sufficient pam_ftp.so
auth required pam_unix.so use_first_pass
auth required pam_listfile.so \
onerr=succeed item=user sense=deny file=/etc/ftpusers
</programlisting>
</para>
</refsect1>
<refsect1 id='pam_ftp-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_ftp-author'>
<title>AUTHOR</title>
<para>
pam_ftp was written by Andrew G. Morgan <morgan@kernel.org>.
</para>
</refsect1>
</refentry>