Implementing MySQL-based authentication for vsftpd virtual users (CentOS 6)
Note: This experiment uses two CentOS hosts, one as the FTP server and one as the database server.
FTP server IP: 172.16.250.90
MySQL server IP: 172.16.252.16
First, install the packages on the FTP server
yum install vsftpd pam_mysql
Second, create the virtual user accounts on the database server
1. Create the virtual user database
mysql> CREATE DATABASE vsftpd;
mysql> SHOW TABLES;
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@'172.16.%.%' IDENTIFIED BY 'magedu';
mysql> FLUSH PRIVILEGES;
2. Create the user table
mysql> USE vsftpd;
mysql> CREATE TABLE user (id INT AUTO_INCREMENT NOT NULL PRIMARY KEY, name CHAR(in) BINARY NOT NULL, password CHAR(n) BINARY NOT NULL);
mysql> DESC user;
3. Add test virtual users
mysql> INSERT INTO user (name,password) VALUES ('Wang', password('magedu'));
mysql> INSERT INTO user (name,password) VALUES ('Mage', password('magedu'));
mysql> SELECT * FROM user;
Third, configure the vsftpd service on the FTP server
1. Create the file that PAM authentication needs on the FTP server
vim /etc/pam.d/vsftpd.mysql
# the auth entry below is a single line
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=172.16.252.16 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2
# the account entry below is a single line
account required /lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=172.16.252.16 db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=2
auth performs authentication.
account checks that the account and password are in normal use.
required means this check must pass.
The pam_mysql.so module can also be written here as a relative path; if the module was compiled and installed to a different path, it must be written as an absolute path. The parameters that follow it are passed to the module.
user=vsftpd the user that logs in to MySQL
passwd=magedu the password used to log in to MySQL
host=172.16.252.16 the MySQL server address (localhost if MySQL and vsftpd run on the same server)
db=vsftpd the database to connect to
table=user the table in that database to query
usercolumn=name the column used as the user name field
passwdcolumn=password the column used as the password field
crypt=2 the password is encrypted with the MySQL password() function
Note on crypt, the password encryption method: 0 means no encryption, 1 means crypt(3) encryption, 2 means encryption using the MySQL password() function, 3 means MD5 encryption, and 4 means SHA1 encryption.
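Added example, not from the original article: what the stored value behind crypt=2 looks like, assuming the MySQL 4.1+ PASSWORD() format ('*' followed by the uppercase hex of SHA1(SHA1(password))). The function names and sample rows are constructed for illustration; the point is that the hash is unsalted, so the two test users with the same password get identical values, and the password column has to hold 41 characters.

```python
import hashlib
import hmac
from collections import defaultdict


def mysql_password(plaintext: str) -> str:
    """Assumed MySQL 4.1+ PASSWORD() format: '*' + upper hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def verify(plaintext: str, stored: str) -> bool:
    """What a crypt=2 check amounts to: hash the supplied password, compare."""
    return hmac.compare_digest(mysql_password(plaintext), stored.strip())


def shared_hashes(rows):
    """Group names by stored hash; with no salt, equal passwords collide."""
    groups = defaultdict(list)
    for name, stored in rows:
        groups[stored].append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}


def too_narrow(column_width: int) -> bool:
    """True if a CHAR column of this width would truncate the 41-char hash."""
    return column_width < len(mysql_password(""))


# Constructed rows mirroring the article's two test users (same password).
ROWS = [
    ("Wang", mysql_password("magedu")),
    ("Mage", mysql_password("magedu")),
]

if __name__ == "__main__":
    for name, stored in ROWS:
        print(f"{name:5} {stored} ({len(stored)} chars)")
    for stored, names in shared_hashes(ROWS).items():
        print("same password hash shared by:", ", ".join(names))
    print("login check for Wang:", verify("magedu", ROWS[0][1]))
    print("CHAR(40) too narrow:", too_narrow(40))
```

Anyone who can read the user table (the vsftpd account is granted SELECT on it) can see which accounts share a password, so keep that grant limited to the FTP server's address and give each virtual user a distinct password.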
2. Create the corresponding system user and modify the vsftpd configuration file
useradd -s /sbin/nologin -d /var/ftproot vuser
Modify the vsftpd configuration file
anonymous_enable=YES
# enable virtual user login
guest_enable=YES
# system user that virtual users are mapped to
guest_username=vuser
# log in using the MySQL authentication method
pam_service_name=vsftpd.mysql
After this change the original system users can no longer log in.
Fourth, testing
The virtual users Wang and Mage can now log in normally.
Pay attention to the SELinux policy during configuration.
Disable SELinux or run the following commands:
setsebool -P ftpd_connect_db 1
setsebool -P ftp_home_dir 1
chcon -R -t public_content_rw_t /var/ftproot/
This article is from the "Fall" blog; please keep this source link: http://lxlxlx.blog.51cto.com/3363989/1885407