How to enable ftp to support SSO

Source: Internet
Author: User
Tags crypt

First, FTP has to support dynamic passwords, that is, a user's password can be changed on the fly by a program.

The vsftpd + MySQL combination is as follows:

The following article describes how to set up vsftpd + MySQL virtual users on Debian Linux. I saw it on a related website two days ago and thought it was good, so I want to share it with you.

Today I had nothing to do, so I set up FTP. The reason is very simple: to put the good stuff I find elsewhere on my own machine, hey! Choosing an FTP server on Linux is not easy. After a bit of thinking I chose vsftpd, because it is known as the safest FTP server on Linux and many large websites still use it as their server (which makes it easy to use).

To prevent others from peeking at my password and logging on to my machine, and because I hate having so many users in the system, I decided to use virtual users. MySQL is already installed on the machine, so I want to keep the virtual user data in MySQL. Let's get started!

Step 1: Install vsftpd

    apt-get install vsftpd

(Debian is awesome!)

The system automatically generates a configuration file and an ftp user for anonymous access. vsftpd uses PAM to verify virtual users. Because the virtual user information is stored in the database, we also need a local user who can read the database content, and we set its local directory:

    # mkdir /var/ftp
    # useradd -d /var/ftp ftpguest
    # chown ftpguest:nogroup /var/ftp

Step 2: Install MySQL

    apt-get install mysql-server mysql-client

Create a database and add users:

    # mysql -p
    mysql> create database FTPU;
    mysql> use FTPU;
    -- passwd is char(41) because password() returns a 41-character hash on MySQL 4.1 and later
    mysql> create table user (name char(20) binary, passwd char(41) binary);
    mysql> insert into user (name, passwd) values ('test1', password('20140901'));
    mysql> insert into user (name, passwd) values ('test2', password('20140901'));
    mysql> quit

Enable ftpguest to access FTPU and the user table:

    # mysql -u root mysql -p
    -- the password must match passwd= in /etc/pam.d/vsftpd
    mysql> grant select on FTPU.user to ftpguest@localhost identified by '123456';
    mysql> quit

Step 3: Because vsftpd authenticates through PAM, we also need a PAM module that verifies against MySQL. In Debian, the package is called libpam-mysql:

    apt-get install libpam-mysql

Enable PAM verification for vsftpd:

    # vi /etc/pam.d/vsftpd

Comment out the existing content and add the following:

    auth required pam_mysql.so user=ftpguest passwd=123456 host=localhost db=FTPU table=user usercolumn=name passwdcolumn=passwd crypt=2
    account required pam_mysql.so user=ftpguest passwd=123456 host=localhost db=FTPU table=user usercolumn=name passwdcolumn=passwd crypt=2

The above should be clear. crypt=2 indicates that the stored password has been hashed with MySQL's password() function.

Step 4: Modify the vsftpd.conf file

    # vi /etc/vsftpd.conf

Add:

    guest_enable=YES
    guest_username=ftpguest
    # Virtual users of vsftpd are mapped to ftpguest.
    virtual_use_local_privs=YES

Virtual users have the same permissions as local users.

    write_enable=YES
    anon_upload_enable=YES
    anon_other_write_enable=YES

Allows virtual users to upload, modify, and delete files.

    chroot_local_user=YES

Virtual users can only access their own directories.

    anonymous_enable=NO
    local_enable=YES

Disable anonymous user access and enable local user access.

Step 5:

The fourth step already completes the setup, but I thought about it later: if every user uploads to the same place, the directory becomes a mess and hard to manage. Can I create a directory for each vsftpd + MySQL virtual user? For example, put the files uploaded by the music user in ~/music and the files uploaded by the doc user in ~/doc?

Yes! Of course. How can I do this?

First, add two vsftpd + MySQL virtual users (music and doc) to the database, then create a configuration file and a directory for each:

    # mkdir /etc/vsftpd_user_conf
    # cd /etc/vsftpd_user_conf
    # touch music
    # echo "local_root=/home/username/music" > music
    # touch doc
    # echo "local_root=/home/username/doc" > doc
    # mkdir /home/username/music
    # chown ftpguest:nogroup /home/username/music
    # chmod 700 /home/username/music   # the owner needs the x bit to enter a directory
    # mkdir /home/username/doc
    # chown ftpguest:nogroup /home/username/doc
    # chmod 700 /home/username/doc

Then add user_config_dir=/etc/vsftpd_user_conf to vsftpd.conf.
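A small checker for the settings from Steps 4 and 5, given here as an added example that is not part of the original article. vsftpd does not accept spaces around the = sign, so the checker flags them along with capitalised option names and missing or wrong values. The function name, the REQUIRED table and the sample text are constructed for this illustration.

```python
import re

# Settings Steps 4 and 5 rely on; boolean values are compared case-insensitively.
REQUIRED = {
    "guest_enable": "YES",
    "guest_username": "ftpguest",
    "anonymous_enable": "NO",
    "local_enable": "YES",
    "chroot_local_user": "YES",
    "user_config_dir": "/etc/vsftpd_user_conf",
}

# Constructed sample: spaces around '=' and a capitalised option name.
SAMPLE = "Guest_enable = Yes\n# virtual users\nanonymous_enable=YES\n"

def lint_vsftpd_conf(text):
    """Return (settings, problems) for the text of a vsftpd.conf file."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if "=" not in raw:
            problems.append(f"line {lineno}: not an option=value line")
            continue
        key, value = raw.split("=", 1)
        if key != key.strip() or value != value.strip():
            problems.append(f"line {lineno}: whitespace around '=' or at line end")
        key, value = key.strip(), value.strip()
        if not re.fullmatch(r"[a-z0-9_]+", key):
            problems.append(f"line {lineno}: option name {key!r} is not lower case")
        settings[key.lower()] = value
    for key, want in REQUIRED.items():
        got = settings.get(key)
        is_bool = want in ("YES", "NO")
        if got is None:
            problems.append(f"missing {key}={want}")
        elif (got.upper() if is_bool else got) != want:
            problems.append(f"{key}={got}, expected {want}")
    return settings, problems

if __name__ == "__main__":
    for problem in lint_vsftpd_conf(SAMPLE)[1]:
        print(problem)
```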

 

==========================================

After completing the above steps, how can we enable vsftpd to support single sign-on?

For example, when you enter a portal system that contains an FTP application, you should not need to enter the FTP user name and password when opening the FTP application.

My idea is as follows:

1. After identifying a user, associate the user with a virtual user in FTP and generate a random password.

2. Create an intermediate page A and embed an IFRAME in it that points to ftp://userid:password@10.1..../

3. When page A is closed, generate a new random password to overwrite the original one. This ensures that the password is dynamic and takes effect immediately. If page A exits abnormally without calling the close method, use AJAX to make page A contact the server at regular intervals as a heartbeat; if the server has still not received anything from page A after a certain period of time, it can set the password to be invalid.
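The password rotation from steps 1 to 3, sketched as an added example that is not code from the original article. It assumes pam_mysql's crypt=2 expects the MySQL 4.1+ password() format and uses a plain dict as a stand-in for the FTPU.user table; the class and method names are hypothetical.

```python
import hashlib
import secrets
import time

def mysql_password_hash(plaintext):
    """MySQL 4.1+ PASSWORD() format: '*' + upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

class FtpSsoSessions:
    """One short-lived FTP password per virtual user (hypothetical helper)."""

    def __init__(self, store, ttl=30.0, clock=time.monotonic):
        self.store = store    # name -> passwd hash; stands in for table FTPU.user
        self.ttl = ttl        # seconds without a heartbeat before invalidation
        self.clock = clock
        self.last_seen = {}

    def _rotate(self, name):
        password = secrets.token_urlsafe(16)
        self.store[name] = mysql_password_hash(password)
        return password

    def open_session(self, name):
        """Step 1: issue a fresh random password for page A's FTP URL."""
        self.last_seen[name] = self.clock()
        return self._rotate(name)

    def heartbeat(self, name):
        """Step 3: page A's periodic AJAX call; False when no session is open."""
        if name not in self.last_seen:
            return False
        self.last_seen[name] = self.clock()
        return True

    def close_session(self, name):
        """Step 3: overwrite the password; the new value is never handed out."""
        if self.last_seen.pop(name, None) is not None:
            self._rotate(name)

    def expire_stale(self):
        """Invalidate every session whose last heartbeat is older than ttl."""
        now = self.clock()
        stale = [n for n, t in self.last_seen.items() if now - t > self.ttl]
        for name in stale:
            self.close_session(name)
        return stale
```

In a deployment the dict would be replaced by an UPDATE on the user table, and expire_stale() would run on a timer on the portal server.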
