PAM (Pluggable Authentication Modules)
The use of PAM by
proftpd is very specific: the server only
uses PAM to check whether a given user should or should not be allowed to
login. This means that the necessary information for a user must be defined
some other source (e.g.
before PAM comes into play. The PAM API does not allow for information such
as UID, GID, home directory, etc to be passed by PAM modules, and since
proftpd requires this information in order to setup an FTP
session properly, an auth module other than
The PAM check only happens during the dispatching of the
mod_auth_pam registers only one authentication
handler for this. The following pseudocode from
function shows the sequence of events:
check for UserPassword if present, and if user exists, call auth_check() done call auth_authenticate()As this function is only called after
auth_getpwnam()has been called, the user must exist in other sources before that user will be checked using PAM.