OES 2 SP2/SP3, clustered or multi-instance pure-ftpd stops authenticating after a pure-ftpd update

Although it is not the default situation, some administrators run pure-ftpd on OES 2 SP2 or SP3 by using the Perl script /usr/sbin/pure-config.pl .  This is likely to be used where multiple instances of pure-ftpd are running, either on one system or within a cluster.

 

If this method of starting pure-ftpd is in use and the pure-ftpd package is updated, pure-ftpd authentications may fail.  The failure would occur if the user in question is not already in the Novell Account Management cache (nam cache).  For example, if the system is rebooted or if the cache is cleared with "namconfig cache_refresh " then an eDirectory user would fail to login to pure-ftpd until some other login event pushed his information into the cache.  For example, if the same user first logged in through sshd, then that user would be able to login to pure-ftpd as well.

As of late 2012, if this problem occurs, it is an indication that pure-ftpd was reinstalled or updated, but other packages are not updated to their latest levels.  To avoid this problem altogether, the recommendation is:

 

Apply OES 2 SP3 (if not present already)

Apply SLES 10 SP4 (if not present already)

Apply current maintennace updates for OES 2 SP3

 

However, in case these current levels cannot be used, see the Additional Information section below, for options.

If SLES 10 SP3 must be used instead of moving to SLES 10 SP4, then the following details should resolve the situation:

 

On OES, the additional package "novell-pure-ftpd-config" is installed to modify certain files (including /usr/sbin/pure-config.pl) in preparation for using LUM-enabled pure-ftpd.  If the pure-ftpd package is reinstalled or updated, /usr/sbin/pure-config.pl will be rewritten in standard form rather than in the OES-specific form.  Other OES-modified files in pure-ftpd are protected, but this one is at risk.

 

Here is a discussion of 2 ways to address this issue.  However, method #1 is no longer recommended, as it can leave the system vulnerable another known bug.  It is still provided only because it does not require installing a PTF package, and will still be suitable for 70% of systems.  However, method #2 is the preferred and safer solution.

 

Method #1:

 

This method can quickly fix the situation without updating any packages, but does not protect against the problem happening again, if the pure-ftpd package is re-installed.  Several options can be used to obtain the same end result.  Regardless of which of these is chosen, once the change is made, take whatever steps are normally used on that system to stop and start the pure-ftpd resources.

 

A.  Execute the script:  /opt/novell/pure-ftpd/novell-pure-ftpd-config.sh

-or-

 

B.  Copy /usr/sbin/pure-config.pl from an unaffected system to the effected system.

 

-or-

 

C.  Manually add the necessary lines to /usr/sbin/pure-config.pl .

Immediately after the initial line:    #!/usr/bin/perl

add the following: