pam_ftp

auth required pam_ftp.so

debug
    Enable debug logging to syslog.

no_warn
    Disable warning messages.

The pam_ftp module is a PAM (Pluggable Authentication Modules) module designed to provide authentication services for FTP (File Transfer Protocol) servers. It allows FTP servers to leverage the PAM framework for user authentication, enabling administrators to use a variety of authentication methods (e.g., passwords, Kerberos, smart cards) without modifying the FTP server software directly.

The primary function is to integrate FTP login processes with the system's authentication mechanisms. The module examines the FTP service's username and password, interacts with the PAM stack as configured in /etc/pam.d/ftp or similar configuration files, and determines whether the user is authorized to access the FTP server.

This approach promotes a standardized authentication process across multiple services on a Linux system, improving security and manageability.

This module's functionality is dependent on the FTP server's support for PAM. Configuration requires modifications to the FTP server's configuration to call the PAM library appropriately. Also ensure the /etc/pam.d/ftp or equivalent file is correctly configured to leverage pam_ftp along with other necessary PAM modules.

Configuration of pam_ftp typically involves editing the PAM configuration file specific to the FTP service. This file (e.g., /etc/pam.d/ftp) should include a line similar to 'auth required pam_ftp.so' to enable the module. Other PAM modules, like pam_unix.so, may also be included in the stack to provide password-based authentication.

If authentication fails, examine the system logs (typically /var/log/auth.log or /var/log/secure) for PAM-related messages. Ensure the FTP server is properly configured to use PAM and the correct module path is specified in the PAM configuration file.

The development and usage of pam_ftp mirrors the evolution of PAM itself. As FTP services required enhanced security and centralized authentication management, PAM modules like pam_ftp were created to bridge the gap. It enables easier integration with advanced authentication schemes developed later, such as two-factor authentication.

pam.conf(5), ftp(1)