How to enable ftp to support SSO

First, we need to allow ftp to support dynamic passwords, that is, the user password can be dynamically modified through the program.

The vsftpd + MySQL combination is as follows:

The following articles mainly describe the specific practices of vsftpd + MySQL virtual users in Debian Linux. I saw information about vsftpd + MySQL virtual users in Debian Linux on the relevant website two days ago, I think it's good. I just want to share it with you.

Today, I had nothing to do with ftp. The reason is very simple: to put the good stuff that can be seen elsewhere on my machine, hey! It is not easy to select an FTP server in Linux. After a bit of thinking, I chose vsftpd, the reason is that it is known as the safest FTP server in Linux, and there are still many large websites that use it as a server (this makes it easy to use ).

In order to prevent others from peeking at my password and logging on to my machine, I hate the fact that there are so many users in the system (like displaying my own hands ), therefore, I decided to use virtual users because MySQL (the best combination with PHP) is installed in the machine ), so I want to put vsftpd + MySQL virtual user data in MySQL (the best combination with PHP). Well, let's get started here. Next, let's get started!

Step 1:

Install vsftpd

Apt-Get install vsftpd (Debian is awesome !)

The system automatically generates a configuration file and an FTP user for anonymous users. vsftpd uses Pam to verify virtual users because vsftpd + MySQL virtual user information is stored in the database, therefore, we also need a local user who can read the database content and set its local directory:

 
 

  
  
#mkdir /var/ftp  
  
  
#useradd -d ftpguest /var/ftp  
  
  
#chown ftpguest.nogroup /var/ftp  
 
 

Step 2: Install MySQL (the best combination with PHP)

Apt-Get install MySQL (the best combination with PHP)-server MySQL (the best combination with PHP)-clent

Create a database and add users

 
 

  
  
# MySQL (the best combination with PHP)-P MySQL (the best combination with PHP)> Create FTPU;
  
  
MySQL (best combination with PHP)> Use FTPU;
  
  
MySQL (best combination with PHP)> Create Table user (name char (20) binary, passwd char (20) binary );
  
  
MySQL (best combination with PHP)> insert into user (name, passwd) values ('test1', password ('20140901 '));
  
  
MySQL (best combination with PHP)> insert into user (name, passwd) values ('test2', password ('20140901 '));
  
  
MySQL (best combination with PHP)> quit
  
  
Enable ftpguest to access FTPU and table User:
  
  
# MySQL (the best combination with PHP)-u root MySQL (the best combination with PHP)
-P MySQL (the best combination with PHP)> grant select on FTPU. User to ftpguest @ localhost identified by '123 ';
 
 

MySQL (best combination with PHP)> quit

Step 3: Because vsftpd is verified by Pam

Therefore, we also need a MySQL (the best combination with PHP) package verified by Pam. In Debian, it is called libpam-MySQL (the best combination with PHP)

Apt-Get install libpam-MySQL (best combination with PHP)

Enable Pam verification For vsftpd:

 
 

  
  
#vi /etc/pam.d/vsftpd  
 
 

Comment out the previous content and add the following content:

Auth required pam_mysql (best combination with PHP). So user = ftpguest passwd = 123456 host = localhost DB = FTPU table = user usercolumn = Name passwdcolumn = passwd crypt = 2

Account required pam_mysql (best combination with PHP). So user = ftpguest passwd = 123456 host = localhost DB = FTPU table = user usercolumn = Name passwdcolumn = passwd crypt = 2

The above content should be clear. The Crypt = 2 indicates something that has passed the password () secret of MySQL (the best combination with PHP!

Step 4: Modify the vsftpd. conf file

 
 

  
  
#vi /etc/vsftpd.conf  
 
 

Join:

 
 

  
  
Uest_enable = Yes
  
  
Guest_username = ftpguest
  
  
# Indicates that ftpguest is a virtual user of vsftp.
  
  
Virtual_use_local_privs = Yes
  
  
 
 
 

Vsftpd + MySQL virtual users have the same permissions as local users

 
 

  
  
write_enable=yes   
  
  
anon_upload_enable=yes   
  
  
anon_other_write_enable=yes   
 
 

Allows virtual users to upload, modify, and delete files.

 
 

  
  
chroot_local_user=yes  
 
 

Virtual users can only access their own directories.

 
 

  
  
anonymous_enable=no   
  
  
local_enable=yes   
 
 

Disable Anonymous user access and enable local user access

Step 5:

The fourth step has already been completed, but I thought about it later. No, if every upload is different, how can I manage the directory in a mess, can I create a directory for each vsftpd + MySQL virtual user? For example, place the files uploaded by music users in ~ /Music, put the File Uploaded By the doc user in ~ /What about Doc?

Yes! Of course. How can I do this?

First, add two vsftpd + MySQL virtual users (music and Doc) to the database:

 
 

  
  
#mkdir /etc/vsftpd_user_conf   
  
  
#cd /etc/vsftpd_user_conf   
  
  
#touch music   
  
  
#echo "local_root=/home/username/music" > music   
  
  
#touch doc   
  
  
#echo "local_root=/home/username/doc" > doc   
  
  
#mkdir /home/username/music   
  
  
#chown ftpguest.nogroup /home/username/music   
  
  
#chmod 600 /home/username/music   
  
  
#chown ftpguest.nogroup /home/username/doc   
  
  
#chmod 600 /home/username/doc   
 
 

Add user_config_dir =/etc/vsftpd_user_conf to vsftpd. conf?

 

==========================================

After completing the above steps, how can we enable vsftpd to support single-point login?

 

For example, if you enter a portal system with an FTP application, you do not need to enter the FTP user name and password when entering the FTP application.

 

My idea is as follows:

1. After identifying a user, associate the user with a virtual user in FTP and generate a random password,

2, create an intermediate page A, embed an IFRAME in the page, pointing to FTP: // userid: passsword@10.1 .... /

3. When page a is closed, a new random password is generated to overwrite the original password. This ensures that the password is dynamic and takes effect immediately. If page A does not exit normally, but does not call the close method, you can use ajax to make page a communicate with the server at regular intervals to keep the heartbeat, if the server still receives the information of page a after a certain period of time, you can set the password to be invalid.