RSS feed

RE: pam_authz_search not considered

[Date Prev][Date Next] [Thread Prev][Thread Next]

RE: pam_authz_search not considered

Hi Arthur,

Thanks for your inputs. In  PAM vsftpd configuration didn't have 
for account. Once I added entry for  account required, 
pam_authz_search was sent as filter. 

Is there a way I could send $rhost during authentication as a filter? Since 
currently we authenticate  based on user/password and IP.


-----Original Message-----
From: Arthur de Jong [arthur [at]] 
Sent: Wednesday, October 28, 2015 5:51 PM
To: Lakshmi Narasimhan, Premkumar (RIS-ORL);
Subject: Re: pam_authz_search not considered

On Wed, 2015-10-28 at 13:27 +0000, Lakshmi Narasimhan, Premkumar (RIS-
ORL) wrote:
> I am trying to setup LDAP authentication for VSFTPD. Also i need to IP 
> validation so i am trying to use pam_authz_search (&(id=$rhost)), but 
> I don’t see this applied as a filter in LDAP request. Please provide 
> you valuable inputs.

The pam_authz_search option is only used in the authorisation (account) phase 
of the PAM stack. Your debug log only contains information from the 
authentication (auth) phase.

Your PAM configuration probably does not call for authorisation it 
for some reason skips it when another module already returns success.

-- arthur - - --

---------------------------------------- The information contained in this 
e-mail message is intended only for the personal and confidential use of the 
recipient(s) named above. This message may be an attorney-client communication 
and/or work product and as such is privileged and confidential. If the reader 
of this message is not the intended recipient or an agent responsible for 
delivering it to the intended recipient, you are hereby notified that you have 
received this document in error and that any review, dissemination, 
distribution, or copying of this message is strictly prohibited. If you have 
received this communication in error, please notify us immediately by e-mail, 
and delete the original message.  
To unsubscribe send an email to or see