Ulm's Oberon System:
adis-ftplogin
NAME
adis-ftplogin - checkpassword plug-in for FTP logins
SYNOPSIS
adis-ftplogin
command
DESCRIPTION
adis-ftplogin
is a plug-in that conforms to the checkpassword interface by
Dan J. Bernstein
that may be used in the context of adis-ftpup and
adis-ftpsession(1).
adis-ftplogin
- extracts a user name and a password from file descriptor 3,
- derives a login name from the user name by taking the part
before the first dash in it,
- checks that the login exists and retrieves its passwd entry
using getpwnam(3c),
- verifies that the given password does not match that of the
passwd entry,
- denies further proceeding for UIDs less than 100,
- changes effective and real user and group IDs to those of
the passwd entry,
- honors all further groups like initgroups(3c),
- tries to open .ftppasswd in the home directory specified
in the passwd entry,
- looks for an entry inside .ftppasswd for the given
user name (consisting of the login name, a dash, and an
extension part),
- checks the password against that of the .ftppasswd entry, and
- if all checks succeeded, invokes command with the options
and the root directory found in the third field of the matching
.ftppasswd entry.
DIAGNOSTICS
adis-ftplogin
does not touch the bidirectional network connection inherited through file
descriptor 0. The network connection, however, is closed in case
of failures as adis-ftplogin is (in a typical setup)
the only process keeping it. Hence, FTP clients will just see a
drop of the connection instead of an error message in case of
authentication failures.
An exit code of 1 indicates a permanent authorization failure,
an exit code of 111 is used for temporary problems.
A log entry is provided to syslog with priority auth.info
for each invocation that
- documents the parameters passed to command in case of success, or
- provides an error message otherwise.
The password is not logged.
An email message to root is generated
- if a password was provided that matches the login password, and
- on tries to login as root or other accounts with a UID less than 100.
SECURITY CONSIDERATIONS
As long as no encrypting network layer is involved, login credentials for
FTP are passed as clear text over network connections.
Therefore protocols like those of ssh and scp are to be preferred.
In many contexts,
however, FTP with all its inherent insecurities is the only convenient
option to exchange data.
The idea of adis-ftplogin is to minimize the risk of clear text
passwords for FTP by
- enforcing passwords other than the fully privileged password
that allows logging in to an ordinary shell, and by
- allowing an unrestricted number of FTP logins per user,
so that each individual FTP access can be made as restrictive as possible.
It may be wise, however, to check periodically whether
the root directories and options specified in the users'
.ftppasswd files match the local policy.
The security considerations of FTPUnixFileSystems apply here.
SEE ALSO
The checkpassword interface is documented on
http://cr.yp.to/checkpwd/interface.html.
- adis-ftpup: reads user name and password and provides them to a plug-in
like adis-ftplogin.
- adis-ftpsession(1): usually taken for command; it
runs the FTP session after a successful authorization.
- dot-ftppasswd(5): documentation of the file format of .ftppasswd files.
Edited by: borchert, last change: 2001/05/15, revision: 1.1, converted to HTML: 2001/05/15