Hi all;

I'm new to HPUX( single machine for about a month ). Most of the
configuration seem to be working fine. The exception is ftp. The machine
seems to allow me to connect ( I get a host:username prompt ), but if
I hit return or enter a username it immediately states:

530 User garyarm access denied...
Login Failed

I never get prompted for a password. This same machine will let me
rlogin to , telnet to , and ftp out of it, but not ftp in.

Since I can connect and the error is access denied, I believe I'm
hitting a permissions problem. I saw an ftp entry in pam.conf and
commented it out, but the behavior is the same.

If someone could point me in the correct direction.

TIA
Gary

Rick Jones wrote:
>>If someone could point me in the correct direction.
>
>
> you might check the ftpaccess file and manpage.
>
> rick jones

You learn something new daily. ftpaccess is new to me. It doesn't exist
in Solaris 8 but does in Solaris 9 ( news to me, I also have a single
Sol9 box).

Back on task, when I look at inetd.conf on my HP I see:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l

The ftpd man page says -a enables ftpacces and -A disables. I'm not sure
what happens if neither is specified. So I made it:
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a

Then I copied ftpacces from my Solaris 9 machine to /etc/ftpd on my HPUX
machine( a foolish thing I know, but the man pages appear exact dups ).
kill -HUP sent to inetd and tried ftp again.

Same stuff. 8^(

Is there a simple template for this file? I wish to eliminate it as a
problem. I don't need anonymous ftp or anything similar. If they have a
valid NIS usercode/password let them in.

TIA
Gary

If it wasn't ftpaccess then you might check to make sure that the
shell(s) used by the accounts ftp'ing to the system are in
/etc/shells. I think that more details on that one is in the
comp.sys.hp.hpux FAQ which should be archived on rtfm.mit.edu.

rick jones
--
portable adj, code that compiles under more than one compiler
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to raj in cup.hp.com but NOT BOTH...

Make sure the userid has a non-null passwd. Verify the shell you are
using for the userid, it must either be included in /etc/shells or, if
/etc/shells does not exist, it must be one of the 'standard' shells.
Lastly, the id must not appear in the /etc/ftpd/ftpusers file.


From man ftpd:
ftpd authenticates users according to three rules:

+ The user name must be in the password data base, /etc/passwd,
and not have a null password. The client must provide the
correct password for the user before any file operations can
be performed.

+ The user name must not appear in the file /etc/ftpd/ftpusers
(see ftpusers(4)).

+ The user must have a standard shell returned by
getusershell().


getusershell looks for the file /etc/shells. If /etc/shells does not
exist or is not readable, getusershell() returns the following standard
system shells:
/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

note: validation of the shell is done by string match, so the passed
shell string must match exactly the string in /etc/shells.

Rick Jones wrote:
> If it wasn't ftpaccess then you might check to make sure that the
> shell(s) used by the accounts ftp'ing to the system are in
> /etc/shells. I think that more details on that one is in the
> comp.sys.hp.hpux FAQ which should be archived on rtfm.mit.edu.
>
> rick jones

Bingo;

/etc/shells is the problem. In Solaris if /etc/shells doesn't exist,
getusershell returns both /bin and /usr/bin flavors of all the common
shells. Apparently, HPUX only returns /usr/bin flavors. My passwd file
entries are /bin/shellname. Hmmmm, maintain /etc/shells or change the
passwd file convention?

Thanks Rick & Robert
Gary