Configure vsftpd with PAM_MySQL
This post explains how to configure vsftpd to use pam_mysql, provided that you have already installed MySQL and its related services. If not, please refer to other tutorials online. The article focuses on installing and configuring pam_mysql and on modifying the vsftpd configuration file. Please download all the software involved yourself; the pam_mysql used here is pam_mysql-0.7RC1, and the system platform is CentOS 5.6.

1. Install pam_mysql. pam_mysql-0.7RC1 is used here.

    [root@localhost pam_mysql-0.7RC1]# ./configure --with-openssl --with-mysql

This may fail with the error:

    configure: error: Cannot locate mysql client library. please check your mysql installation.

Solution: make sure the MySQL client library is installed (install it if it is not), then run:

    [root@localhost pam_mysql-0.7RC1]# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
    [root@localhost pam_mysql-0.7RC1]# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
    [root@localhost pam_mysql-0.7RC1]# ln -s /usr/include/openssl/md5.h /usr/include/md5.h

(If openssl was not installed before this step, install the openssl development package first: yum install openssl-devel.)

Once that is done, run the following commands to complete the installation of pam_mysql:

    [root@localhost pam_mysql-0.7RC1]# ./configure --with-openssl=/usr --with-mysql=/usr
    [root@localhost pam_mysql-0.7RC1]# make && make install

After the installation succeeds, check that pam_mysql.so exists in /lib/security.

2. Install vsftpd. There are various ways to do this; please refer to tutorials online. Personally I find this the most convenient:

    [root@localhost]# yum -y install vsftpd

3. Configure vsftpd and use MySQL to store the virtual users. For the most detailed and accurate method, see the pam_mysql source code (the source package you downloaded).
The configuration method appears to differ slightly between versions. At the beginning I was misled by online tutorials for a whole night (the crypt codes are inconsistent: some tutorials give 4 as the code for MD5 encryption, but the pam_mysql I installed uses code 3 for MD5, as can be found in the README), but the general idea is the same. Here we assume that vsftpd has already been installed. The following describes how to set it up.
1) Create a MySQL database to store the virtual user information and the logs.

    mysql> create database vsftpd;

    mysql> use vsftpd;

    mysql> create table users (
        -> id int AUTO_INCREMENT not null,
        -> name char(16) binary not null,
        -> passwd char(48) binary not null,
        -> primary key (id)
        -> );

    mysql> create table logs (msg varchar(255),
        -> user char(16),
        -> pid int,
        -> host char(32),
        -> rhost char(32),
        -> logtime timestamp
        -> );

To add a vsftpd virtual user, insert a record directly into the users table.

1) Configure PAM authentication.

a) Add /etc/pam.d/vsftpd.mysql. The file name vsftpd.mysql can be chosen freely; you only need to specify it in the vsftpd configuration file. Add the following configuration to the file:

    auth required /lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
    account required /lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf

Everything from auth up to (but not including) account goes on one line, and the rest goes on a second line. The path of the PAM library file is given explicitly here; adjust it to match your system. config_file specifies the pam_mysql configuration file. This configuration method seems to be supported only from pam_mysql-0.7RC1 onward. If your version does not support it, use the classic configuration method and put the pam_mysql settings directly in vsftpd.mysql, as follows:

    auth required /lib/security/pam_mysql.so user=root passwd=1123 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=3 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
    account required /lib/security/pam_mysql.so user=root passwd=1123 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=3 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1

Likewise, auth occupies one line and account occupies one line.

b) If you did not use the classic configuration method in the previous step, create /etc/security/pam_mysql.conf (the location depends on your own configuration) and put the pam_mysql authentication settings in it. (The README in the pam_mysql source explains this clearly; here I only list my own configuration.)

    users.host=localhost
    users.database=vsftpd
    users.db_user=root
    users.db_passwd=1123
    users.table=users
    users.user_column=name
    users.password_column=passwd
    users.password_crypt=3
    verbose=1
    log.enabled=1
    log.table=logs
    log.message_column=msg
    log.pid_column=pid
    log.user_column=user
    log.host_column=host
    log.rhost_column=rhost
    log.time_column=logtime

c) At this point the PAM authentication configuration is basically complete. Next, modify the vsftpd configuration.

2) Configure vsftpd. If you installed vsftpd with yum install vsftpd, its configuration files are in the /etc/vsftpd/ directory by default. Here we mainly modify the vsftpd.conf file.

PS: vsftpd can have multiple configuration files; the number of vsftpd instances equals the number of configuration files.

Prerequisites: you have installed vsftpd and set up the virtual user account virtual_user for vsftpd.
Configure the following options (add any that are missing):

    # start
    anonymous_enable=NO
    local_enable=YES
    pam_service_name=vsftpd.mysql
    userlist_enable = bytes = YES
    guest_enable=YES
    guest_username=virtual_user
    user_config_dir=/etc/vsftpd/virtual_user_conf
    # over

Notes: pam_service_name is the PAM configuration file created for pam_mysql authentication in the previous step. guest_enable=YES and guest_username=virtual_user mean that virtual user authentication is enabled and that the local user the virtual users are mapped to is virtual_user. user_config_dir=/etc/vsftpd/virtual_user_conf is the directory holding the vsftpd virtual user permission configuration. Each virtual user has its own configuration file.
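A check for the PAM side of this setup, as an added example that is not part of the original post: the pam_mysql.conf shown above connects to MySQL as root and keeps that password in clear text, so the script flags a root db_user, clear-text password storage (password_crypt 0), and a file readable by group or others. The function names are assumptions, and the rights named in the first finding assume only the auth and account lines from this page are in use.

```shell
#!/bin/sh
# Added example: audit a pam_mysql config_file such as /etc/security/pam_mysql.conf.
# Usage (after sourcing this file): audit_pam_mysql_conf /etc/security/pam_mysql.conf

# conf_get FILE KEY -> value of the last "KEY = value" line, whitespace trimmed
conf_get() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val); found = val }
        END { print found }' "$1"
}

# audit_pam_mysql_conf FILE -> one finding per line; returns 1 if anything was found
audit_pam_mysql_conf() {
    conf=$1
    rc=0
    # The auth/account lines on this page only read the users table and write
    # the logs table, so the module does not need a MySQL superuser
    # (assumption: no password-changing PAM line is configured).
    if [ "$(conf_get "$conf" users.db_user)" = root ]; then
        echo "users.db_user is root: use an account limited to SELECT on users and INSERT on logs"
        rc=1
    fi
    # 0 (or "plain") means the passwd column is compared as clear text.
    case $(conf_get "$conf" users.password_crypt) in
        0|plain) echo "users.password_crypt stores passwords in clear text"; rc=1 ;;
    esac
    # The file holds users.db_passwd, so group and others must not read it.
    if [ -n "$(find "$conf" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$conf is readable by group or others: chmod 600"
        rc=1
    fi
    return $rc
}
```

With the classic method the same credentials sit in /etc/pam.d/vsftpd.mysql instead, so the permission check applies to that file as well.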
3) Fill in the vsftpd virtual user permission configuration. The content is as follows:

    local_root=/var/www
    write_enable=YES
    download_enable=YES
    anon_world_readable_only=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    local_umask=022

4. Add the virtual user information to the corresponding table in MySQL, restart vsftpd, and test logging in to vsftpd. This may not succeed the first time. If you have configured everything as in the steps above, there is no technical problem; if it still fails, that comes down to your luck.

PS: While debugging, you can check the error messages in /var/log/messages to diagnose the problem quickly.
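Step 4 leaves the INSERT itself to the reader. As an added example (not from the original post), this shell helper builds the row for the users table under crypt=3, which compares the passwd column against a hex MD5 of the password; the function names and the sample account are assumptions.

```shell
#!/bin/sh
# Added example: build the users-table row that matches crypt=3 (hex MD5).
# Usage (after sourcing this file):
#   vsftpd_user_sql ftpuser1 'the password' | mysql -u root -p vsftpd

# md5_hex PASSWORD -> 32 lowercase hex characters, the same form MySQL's MD5() returns.
# printf '%s' is deliberate: "echo PASSWORD | md5sum" also hashes the trailing
# newline, which yields a different digest and a login that always fails.
md5_hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# vsftpd_user_sql NAME PASSWORD -> INSERT statement for the vsftpd.users table
vsftpd_user_sql() {
    name=$1
    # The name is embedded in SQL as a literal, so allow only a safe character
    # set and respect the char(16) width of the name column.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    [ "${#name}" -le 16 ] || { echo "user name longer than 16 characters" >&2; return 1; }
    printf "INSERT INTO users (name, passwd) VALUES ('%s', '%s');\n" \
        "$name" "$(md5_hex "$2")"
}
```

Unsalted MD5 is fast to brute-force, so the users table needs the same protection as a list of clear-text passwords.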