Recently cPanel's PureFTP authentication module (pureauth) was altered to forbid any authenticators from running after itself. Specifically, when a username didn't exist, pureauth used to return 0 for auth_ok, which means "user not found". But now it returns -1 for all nonexistent usernames, which means "user was found but there was a fatal error". This change prevents other authentication modules from running after cPanel's.
The workaround for the customer is for them to list their other authentication module(s) (such as MySQL) *above* the ftpd.sock line in the file /etc/pure-ftpd.conf. This causes the other authentication module(s) to run before the cPanel authentication module. The drawback to this is that any particular username that exists in more than one module (i.e. duplicate usernames) will no longer have precedence given to cPanel. This in turn would block such a cPanel user from logging into FTP.
Tech support has informed me that "The change to -1 was made because non-existent users were not triggering brute force attacks with our cPHulk daemon".
If possible, please revert to the former behavior to maximize flexibility. Alternatively, perhaps a configuration option can be provided in WHM to choose the former behavior.



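Added example, not part of the original post and not cPanel or Pure-FTPd code: a small Python model of an ordered authentication chain using the three auth_ok meanings described above. It shows the former and current behaviour for a MySQL-only user, and the duplicate-username drawback of the reordering workaround. The module names, helper functions and accounts are all constructed for illustration.

```python
# Added illustration: a model of the auth chain, not Pure-FTPd or cPanel code.
OK, NOT_FOUND, FATAL = 1, 0, -1   # auth_ok meanings as described in the post

def make_module(name, users, missing_code):
    """Authenticator over a constructed user table (hypothetical helper).
    missing_code is what it returns for a username it does not know."""
    def check(user, password):
        if user not in users:
            return missing_code
        return OK if users[user] == password else FATAL
    check.__name__ = name
    return check

def authenticate(chain, user, password):
    """Try modules in listed order; only NOT_FOUND lets the next one run."""
    for module in chain:
        code = module(user, password)
        if code != NOT_FOUND:
            return module.__name__, code
    return None, NOT_FOUND

# Constructed sample accounts; "shared" exists in both back ends.
CPANEL_USERS = {"alice": "cp-pass", "shared": "cp-shared"}
MYSQL_USERS = {"bob": "db-pass", "shared": "db-shared"}

cpanel_old = make_module("cpanel", CPANEL_USERS, NOT_FOUND)  # former behaviour
cpanel_new = make_module("cpanel", CPANEL_USERS, FATAL)      # current behaviour
mysql = make_module("mysql", MYSQL_USERS, NOT_FOUND)

def scenarios():
    """Return (deciding module, auth_ok code) for each ordering discussed."""
    new_order = [mysql, cpanel_new]   # workaround: other module listed first
    return {
        "old, cpanel first": authenticate([cpanel_old, mysql], "bob", "db-pass"),
        "new, cpanel first": authenticate([cpanel_new, mysql], "bob", "db-pass"),
        "new, mysql first": authenticate(new_order, "bob", "db-pass"),
        "cpanel-only user": authenticate(new_order, "alice", "cp-pass"),
        "duplicate user": authenticate(new_order, "shared", "cp-shared"),
        "unknown user": authenticate(new_order, "nobody", "guess"),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label}: {result}")
```

In the reordered chain the cPanel module still sees every username the first module does not know, so it still returns -1 for unknown names, while the duplicate account is decided by the first module alone.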




