Implementing MySQL-based authentication for VSFTPD virtual users (CENTOS6)

Implementing MySQL-based authentication for VSFTPD virtual users (CENTOS6)

Note: This experiment is implemented on two Cento hosts, one as FTP server and one as database server

FTP Server ip:172.16.250.90

MySQL server ip:172.16.252.16

Install the FTP Server installation package

Yum Install vsftpd Pam_mysql

Second, the database server to create a virtual user account

1. Establish a virtual user database

mysql> CREATE DATABASE vsftpd;    Mysql> Show tables;    Mysql> Grant Select on vsftpd.* to [e-mail protected] ' 172.16.%.% ' identified by ' magedu '; mysql> flush Privileges;

2. Create User table

mysql> use VSFTPD;  Mysql> CREATE TABLE USER (id INT auto_increment not NULL PRIMARY key,name CHAR (in) BINARY not Null,password    CHAR (n) BINARY not NULL); mysql> desc User;

3. Add Test Virtual User

Mysql> inset into user (Name,password) VALUES (' Wang ', password (' magedu '));    Mysql> inset into user (Name,password) VALUES (' Mage ', Password (' magedu ')); Mysql>select * from user;

Third, configure the VSFTPD service on the FTP server

1. Establish the required files on the FTP server for PAM authentication

[Email protected] log]# vim/etc/pam.d/vsftpd.mysql auth required/lib64/security/pam_mysql.so user=vsftpd passwd= magedu host=172.16.252.16 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2 #此处与auth行为一行account required/lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=172.16.252.16 db=vsftpd table=user usercolumn= Name Passwdcolumn=password crypt=2 #此处与account行为一行

Auth means certification

Account authentication password is used correctly

Required that certification is going through

The Pam_mysql.so module can also be written here as a relative path, which must be written as an absolute path if the module changes to a compiled installation path. Subsequently

parameter is passed to this module.

USER=VSFTPD users who log in to MySQL

passwd=magedu log in to MySQL password

host=172.16.252.16 MySQL server address (such as MySQL and vftpd as the same server is localhost)

DB=VSFTPD the library that connects to MySQL

Table=users which table in the library is connected to

Usercolumn=name field names as user name fields

Passwdcolumn=password field name as the password field

crypt=2 password encryption method for MySQL password () function encryption

Note that crypt is encrypted, 0 means no encryption, 1 means crypt (3) encryption, 2 means encryption using the MySQL password () function, and 3 means

MD5 encryption, 4 means SHD1 encryption.

2, establish the corresponding user and modify the vsftpd file

Useradd–s/sbin/nologin–d/var/ftproot VUser

Modifying the VSFTP configuration file

Anonymous_enable=yes

Guest_enbale=yes #开启虚拟用户登录

Guest_username=vuser #指定虚拟用户映射的系统用户身份

Pam_service_name=vsftpd.mysql #指定使用mysql认证方式登录 The original system user will not be able to log on after this modification.

Iv. Testing

The virtual user Wang and Mage are now logged in as normal.

Note the SELinux policy during configuration

Disable SELinux or execute the following command

Setsebool-p ftpd_connect_db 1

Setsebool-p Ftp_home_dir 1

Chcon-r-T public_content_rw_t/var/ftproot/

This article is from the "Fall" blog, please be sure to keep this source http://lxlxlx.blog.51cto.com/3363989/1885407

Implementing MySQL-based authentication for VSFTPD virtual users (CENTOS6)