Summary of vsftpd and pam_mysql installation and configuration

System Environment:


RedHat AS 4
MySQL 4.1.15
pam_mysql-0.7pre3
I installed MySQL from the rpm packages on the official website, namely the following four:


MySQL-server-standard-4.1.15-0.rhel4.i386.rpm
MySQL-client-standard-4.1.15-0.rhel4.i386.rpm
MySQL-devel-standard-4.1.15-0.rhel4.i386.rpm
MySQL-shared-standard-4.1.15-0.rhel4.i386.rpm
vsftpd is the one that comes with RedHat.


Create a schema for storing vsftpd virtual users:
mysql> create database vsftpd;

mysql> use vsftpd;

mysql> create table users (
    -> id int AUTO_INCREMENT not null,
    -> name char(16) binary not null,
    -> passwd char(48) binary not null,
    -> primary key (id)
    -> );

mysql> describe users;
+--------+----------+------+-----+---------+----------------+
| Field  | Type     | Null | Key | Default | Extra          |
+--------+----------+------+-----+---------+----------------+
| id     | int(11)  |      | PRI | NULL    | auto_increment |
| name   | char(16) |      |     |         |                |
| passwd | char(48) |      |     |         |                |
+--------+----------+------+-----+---------+----------------+

mysql> create table logs (msg varchar(255),
    -> user char(16),
    -> pid int,
    -> host char(32),
    -> rhost char(32),
    -> logtime timestamp
    -> );

mysql> describe logs;
+---------+--------------+------+-----+-------------------+-------+
| Field   | Type         | Null | Key | Default           | Extra |
+---------+--------------+------+-----+-------------------+-------+
| msg     | varchar(255) | YES  |     | NULL              |       |
| user    | varchar(16)  | YES  |     | NULL              |       |
| pid     | int(11)      | YES  |     | NULL              |       |
| host    | varchar(32)  | YES  |     | NULL              |       |
| rhost   | varchar(32)  | YES  |     | NULL              |       |
| logtime | timestamp    | YES  |     | CURRENT_TIMESTAMP |       |
+---------+--------------+------+-----+-------------------+-------+

Here, the user password field is 48 characters long. This length was chosen based on the length of the values returned by the MySQL encryption functions. For the length of the value returned by the PASSWORD() function, refer to:

http://dev.mysql.com/doc/refman/4.1/en/password-hashing.html

mysql> select encrypt('foo');
+----------------+
| encrypt('foo') |
+----------------+
| 4Wwn2AXFYb.So  |
+----------------+

mysql> select password('foo');
+-------------------------------------------+
| password('foo')                           |
+-------------------------------------------+
| *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+-------------------------------------------+

mysql> select md5('foo');
+----------------------------------+
| md5('foo')                       |
+----------------------------------+
| acbd18db4cc2f85cedef654fccc4a4d8 |
+----------------------------------+
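
The three outputs above differ in format and length, and the stored format has to match the crypt setting that pam_mysql is given. The following is an added example (not part of the original article or of pam_mysql): it reproduces PASSWORD() and MD5() in Python and classifies stored values by shape, so the users table can be audited. The function names are illustrative; the hash values are the ones shown on this page.

```python
import hashlib
import hmac
import re

def mysql41_password(plaintext):
    """MySQL 4.1+ PASSWORD(): '*' + upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def md5_hex(plaintext):
    """MySQL MD5(): lower-case hex digest, 32 characters."""
    return hashlib.md5(plaintext.encode()).hexdigest()

def classify(stored):
    """Guess the hash format of a passwd column value from its shape."""
    if re.fullmatch(r"\*[0-9A-F]{40}", stored):
        return "mysql41"
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "md5"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "des-crypt"
    return "unknown"

def verify(stored, candidate):
    """Hash the candidate client-side and compare in constant time."""
    kind = classify(stored)
    if kind == "mysql41":
        computed = mysql41_password(candidate)
    elif kind == "md5":
        computed = md5_hex(candidate)
    else:
        return False  # salted crypt(3) values are not recomputed here
    return hmac.compare_digest(stored, computed)

# Rows as they appear in the users table on this page.
ROWS = {
    "tom": "*F3A2A51A9B0F2BE2468926B4132313728C250DBF",
    "jerry": "*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB",
}

def audit(rows):
    """Per user: detected format and stored length (must fit char(48))."""
    return {user: (classify(h), len(h)) for user, h in rows.items()}

if __name__ == "__main__":
    print(audit(ROWS))
    print(verify(ROWS["tom"], "foo"), verify(ROWS["tom"], "bar"))
```

Neither PASSWORD() nor MD5() uses a salt, so two users with the same password get identical stored values.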

Compile and install pam_mysql:
# ./configure --with-openssl
# make
# make install
Passing --with-openssl avoids the compilation errors related to md5.h.

Create /etc/pam.d/vsftpd.mysql (because I just want to verify the installation process of pam_mysql, I don't want to overwrite the original vsftpd file). Note that the file has only two lines: one auth line and one account line.

auth required /lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
account required /lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1

Note that the pam_mysql.so path is /lib/security; sqllog is enabled; the encryption method is 2, that is, the MySQL PASSWORD() function is used; and verbose=1 is set, which helps with debugging: the log information is written to /var/log/messages.

Create /etc/vsftpd.mysql.conf (likewise, so that the existing vsftpd service is not affected; when you execute service vsftpd restart, two vsftpd services are started, on different ports).
The main settings are as follows:


pam_service_name=vsftpd.mysql
listen=YES
tcp_wrappers=YES
local_enable=YES
guest_enable=YES
guest_username=ftp
listen_port=2121

Note that pam_service_name=vsftpd.mysql tells vsftpd to use the PAM service file just created for pam_mysql.

Insert user information:
mysql> insert into users (name, passwd) values ('tom', password('foo'));
mysql> insert into users (name, passwd) values ('jerry', password('bar'));
mysql> select * from users;
+----+-------+-------------------------------------------+
| id | name  | passwd                                    |
+----+-------+-------------------------------------------+
|  1 | tom   | *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
|  2 | jerry | *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB |
+----+-------+-------------------------------------------+

Start the vsftpd service and test the configuration:
# ftp localhost 2121

Logon failed. Check /var/log/messages:
# tail -f /var/log/messages
Nov 29 14:52:04 javadev vsftpd[17683]: PAM unable to dlopen(/lib/security/pam_mysql.so)
Nov 29 14:52:04 javadev vsftpd[17683]: PAM [dlerror: /lib/security/pam_mysql.so: cannot open shared object file: No such file or directory]
Nov 29 14:52:04 javadev vsftpd[17683]: PAM adding faulty module: /lib/security/pam_mysql.so

It seems that pam_mysql.so was not found. Why?
Search for it with find (you can also use locate, but you have to wait for updatedb). It turns out that make install installs to /usr/local/lib by default. Modify /etc/pam.d/vsftpd.mysql:
auth required /usr/lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
account required /usr/lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1

Login successful! You can also use other encryption methods.

Next, test the config_file option added in pam_mysql v0.7. This option specifies a configuration file that can hold all of the pam_mysql settings. In this case, the content of /etc/pam.d/vsftpd.mysql becomes:

auth required /usr/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
account required /usr/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf

Much cleaner.

/etc/security/pam_mysql.conf:

users.host = localhost
users.database = vsftpd
users.db_user = root
users.db_passwd = 123456
users.table = users
users.user_column = name
users.password_column = passwd
users.password_crypt = 3
verbose = 1
log.enabled = 1
log.table = logs
log.message_column = msg
log.pid_column = pid
log.user_column = user
log.host_column = host
log.rhost_column = rhost
log.time_column = logtime


After these changes, the previously created virtual users could no longer log on! In addition, there were no error messages in /var/log/messages. Running ls -ltr /var/log showed that the most recently modified file was secure; opening it revealed the debugging information from pam_mysql:

Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option verbose is set to "1"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.enabled is set to "1"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.table is set to "logs"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.message_column is set to "msg"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.pid_column is set to "pid"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.user_column is set to "user"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.host_column is set to "host"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.rhost_column is set to "rhost"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - option log.time_column is set to "logtime"
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - pam_sm_authenticate() called.
Dec 26 16:18:37 javadev vsftpd[6175]: pam_mysql - pam_mysql_open_db() called.
Dec 26 16:18:42 javadev vsftpd[6175]: pam_mysql - MySQL error (Unknown MySQL server host 'localhost' (3))
Dec 26 16:18:42 javadev vsftpd[6175]: pam_mysql - pam_mysql_open_db() returning 5.
Dec 26 16:18:42 javadev vsftpd[6175]: pam_mysql - pam_sm_authenticate() returning 9.
Dec 26 16:18:42 javadev vsftpd[6175]: pam_mysql - pam_mysql_release_ctx() called.
Dec 26 16:18:42 javadev vsftpd[6175]: pam_mysql - pam_mysql_destroy_ctx() called.
Dec 26 16:18:42 javadev vsftpd[6175]: pam_mysql - pam_mysql_close_db() called.

Looking carefully, the cause is here:

pam_mysql - MySQL error (Unknown MySQL server host 'localhost' (3))

There was a space at the end of the line users.host = localhost in the original configuration file! Frustrating! After fixing it, logging on works.
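
A trailing space like this is invisible in most editors, and the file also holds the database credentials. As an added example (not part of the original article or of pam_mysql), the following Python check flags trailing whitespace in a key = value file like the one above, a root database account, and loose file permissions. The sample input is constructed from the page's configuration, and splitting each line on the first "=" is an assumption about the file format.

```python
import os
import stat

# Constructed sample: the page's /etc/security/pam_mysql.conf, including the
# trailing space after "localhost" that broke the login.
SAMPLE = (
    "users.host = localhost \n"
    "users.database = vsftpd\n"
    "users.db_user = root\n"
    "users.db_passwd = 123456\n"
    "users.password_crypt = 3\n"
    "verbose = 1\n"
)

def lint(text):
    """Return (line_number, key, finding) tuples for a key = value file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        if "=" not in raw:
            continue  # blank or non-assignment line
        key, value = raw.split("=", 1)
        key, value = key.strip(), value.lstrip()
        # Trailing blanks or tabs end up inside the value, e.g. host "localhost ".
        if value != value.rstrip():
            findings.append((number, key, "trailing whitespace in value %r" % value))
        # The module only needs to read users and write logs, not full root rights.
        if key == "users.db_user" and value.rstrip() == "root":
            findings.append((number, key, "module connects to MySQL as root"))
    return findings

def group_or_world_accessible(mode):
    """True if any group/other permission bit is set on the file mode."""
    return bool(stat.S_IMODE(mode) & 0o077)

if __name__ == "__main__":
    path = "/etc/security/pam_mysql.conf"  # path used on this page
    if os.path.exists(path):
        with open(path) as handle:
            text = handle.read()
        if group_or_world_accessible(os.stat(path).st_mode):
            print("%s: readable by group/others, contains db password" % path)
    else:
        text = SAMPLE
    for number, key, finding in lint(text):
        print("line %d: %s: %s" % (number, key, finding))
```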

Finally, when I replied on the forum, I said that password cannot be used, because:

2 (or "mysql") = Use MySQL PASSWORD() function. It is possible
that the encryption function used by PAM-MySQL
is different from that of the MySQL server,
PAM-MySQL uses the function defined in MySQL's
C-client API instead of using PASSWORD() SQL function
in the query.