HPE Community
Operating System - HP-UX
1827295 Members
3362 Online
109717 Solutions
New Discussion

why ftp behaves diff than normal login on auth failures

 
SOLVED
Go to solution
skt_skt
Honored Contributor

‎10-29-2008 10:27 AM

‎10-29-2008 10:27 AM

why ftp behaves diff than normal login on auth failures

HP-UX 11.11

I want to know why multple ftp auth failure attempts on accounts( with shells /usr/bin/ksh & /usr/bin/false etc) do not return "account diabled" message while the normal terminal/putty logins attempts with the same accounts return error (ofcourse ftp account with /usr/bin/false will not not attempt login).

Any one know the logic behind it? Why FTP need to behave this way?

[/root] what /usr/bin/ftp
/usr/bin/ftp:
$Revision: @(#) ftp R11.11_BL2006_0224_2 PATCH_11.11 PHNE_34544
Copyright (c) 1985, 1989 Regents of the University of California.
Revision 1.1.214.5 Fri Feb 24 15:03:01 GMT 2006
0 Kudos
2 REPLIES 2
Steven Schweda
Honored Contributor

‎10-29-2008 12:25 PM

‎10-29-2008 12:25 PM

Re: why ftp behaves diff than normal login on auth failures

> Why FTP need to behave this way?

That's the way it was written? It doesn't
_need_ to behave that way. If you can write
your own FTP server program, then you can
probably make it do anything you want.

Perhaps interactive log-ins go through the
"login" program, and FTP sessions do not.
"login" does things which your FTP server
does not. "man login".
0 Kudos
Bill Hassell
Honored Contributor

‎10-29-2008 05:38 PM

‎10-29-2008 05:38 PM

Solution

Re: why ftp behaves diff than normal login on auth failures

ftp does *NOT* login. The concept of a login is associated with an interactive shell and part of the task is to setup an environment for subprocesses. ftp simply borrows the authentication mechanism (PAM) but does not use the login program and does not count login attempts. That's why scp or sftp are preferred with their multiple authentication choices (ie, password, public key, etc).


Bill Hassell, sysadmin
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.