OES pure-ftpd -- web browsers are not prompting FTP users for name and password

Document ID:7008794
Creation Date:13-Jun-2011
Modified Date:05-Jun-2013
- Micro Focus Products:
  Open Enterprise Server

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2

Situation

FTP users attempt with a web browser to connect to a OES 2 SP2 server running pure-ftpd, with a URL like:

The system appears to connect but does not display anything, and the user never gets prompted for a user name or password.

The user can connect successfully if they supply a user name directly in the URL, such as:

ftp://username@servername

ftp://username:password@servername

This problem only seems to occur when Novell's new pure-ftpd parameter "DefaultHomeDirectory" has been set.

Resolution

As a workaround, administrators can consider remarking out the "DefaultHomeDirectory" setting and letting users' standard posix (Linux) home directories be in effect. However, for code fixes:

For OES 2 SP2

The solution is to move to SP3, which has not been known to experience this problem.

For OES 2 SP3

While no customer (nor internal Novell test) has been able to produce this problem while using OES 2 SP3, some pure-ftpd code was identified which could theoretically be involved in such an issue, and that code was revised in SLES 10 SP4's maintenance update of pure-ftpd 1.0.22-0.30.1.

For OES 11 SP0

This problem was also seen on OES 11 SP0 (no support pack). The code responsible was revised and is present in OES 11 SP1. Note that in OES 11 SP1, "Novell FTP" (or Lum-enabled FTP) is now handled by the OES package "novell-oes-pure-ftpd" rather than by the SLES package "pure-ftpd". Any publically released package named "novell-oes-pure-ftpd" already has this fix, but for informational purposes, the first publically release novell-oes-pure-ftpd was 1.0.22-29.13.

Additional Information

To understand this problem, it is important to note that pure-ftpd is not really the entity that would prompt users for their names / passwords. The actual proper sequence of events is:

- The web browser attempts to login as anonymous, because no user name has been supplied in the URL.

- If pure-ftpd is configured not to allow anonymous access, this fails as expected and the browser is told: "530 login authentication failed"

- The browser then decides to prompt the user for a name and password, so it can try as a non-anonymous user.

However, on just a few OES 2 SP2 system, it has been found that when anonymous access is disabled and "DefaultHomeDirectory" is set, pure-ftpd is simply closing the TCP connection, instead of failing gracefully with the 530 message. Most browsers will stop trying at that point, i.e. they will not decide to prompt the user for credentials for a second attempt.