ProFTPD module mod_auth_pam

PAM stands for Pluggable Authentication Modules, and is used to configure ways for authenticating users. Now "authenticating" a user usually means comparing a password they give with some other information, and returning a "yes/no"-style answer. PAM does not provide all of the other information for a user, such as UID, GID, home, and shell. This means that mod_auth_pam cannot be used, by itself, as an auth module for proftpd; mod_auth_pam is used to supplement other auth modules by providing access to PAM's additional authentication checks.

Installation instructions for mod_auth_pam can be found here.

The most current version of mod_auth_pam can be found in the ProFTPD source distribution:



Syntax: AuthPAM on|off
Default: AuthPAM on
Context: server config, <VirtualHost>, <Global>
Module: mod_auth_pam
Compatibility: 1.2.8rc2 and later

The AuthPAM directive enables or disables the module's runtime PAM check. If it is set to off this module does not consult PAM when authenticating a user.


Syntax: AuthPAMConfig service
Default: AuthPAMConfig ftp
Context: server config, <VirtualHost>, <Global>
Module: mod_auth_pam
Compatibility: 1.2.8rc2 and later

The AuthPAMConfig directive is used to specify the name of the service used when performing the PAM check; PAM configurations can vary depending on the service. By default, the "ftp" service is used. Note that on some platforms, e.g. FreeBSD, this may need to be set to "ftpd", depending on the PAM configuration involved.

Here's an example of changing the service used:

  <IfModule mod_auth_pam.c>
    AuthPAMConfig ftpd


The mod_auth_pam module is automatically included when proftpd is built on a system that supports PAM. To disable this automatic inclusion, use the --disable-auth-pam configure option.

Last Updated: $Date: 2007/08/17 00:11:26 $