proftpd gives 'login incorrect' error

Solution 1:

It sounds a lot like the libpam you've got installed wasn't upgraded when proftpd was, may try doing that prior to the upgrade for proftpd and see if that corrects the issue.

Also check the proftpd.conf particularly

#This is required to use both PAM-based authentication and local passwords

#AuthOrder mod_auth_pam.c* mod_auth_unix.c

^^^ and make sure that the conf didnt get updated to "generic"

Solution 2:

If this is a RHEL or CentOS EL6.x system, it's important to modify your PAM configuration, as the one that ships with the package is no good:

Edit: /etc/pam.d/proftpd to reflect:

#%PAM-1.0M-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
#session include system-auth
session required pam_loginuid.so

Solution 3:

One point to note that burned me is ... pam_shells.so

pam_shells.so - this requires that all the allowable shells be in /etc/shells.

With NIS, because we have many different distro's of Linux and Solaris, our NIS shells are all /usr/local/bin/

On the machines themselves, in /usr/local/bin/ we create soft links to the shells. i.e. /usr/local/bin/bash --> /bin/bash

Where I got burned is... even though /bin/bash is in /etc/shells, /usr/local/bin/bash also needs to be in there.

It's a 10 second fix, but it took me a long time to figure out.

Solution 4:

Also ensure that the home directory is actually owned by that user.. for example, I just tried to ftp to user abc, but /home/abc was owned by root, not abc, so proftpd gave me the login incorrect.