Quite some years ago, I setup a vsftpd server with virtual users, according to some howtos (still) to be found on the internet, using pam_userdb.
Like this: A file called /etc/pam.d/vsftpd.virtual
:
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/users crypt=crypt
account required pam_userdb.so db=/etc/vsftpd/users crypt=crypt
session required pam_loginuid.so
A setting inside /etc/vsftpd/vsftpd.conf
:
pam_service_name=vsftpd.virtual
And a BerkeleyDB containing the user and password hashes (/etc/vsftpd/users.db
).
According to the manpage of pam_userdb
, this module only supports clear-text passwords or crypt
ed ones, always in a BerkeleyDB.
Meanwhile, this approach seems both dated and impractical to me, as plain crypt
ed passwords are insecure (not even speaking of the clear text variant), and the handling of a BerkeleyDB containing them makes using some wrapper necessary.
So: Is there some alternative PAM module that e.g. can handle a plain text file with users and bcrypt
ed passwords? Or at least with passwords using some SHA hash? That can be updated using e.g. htpasswd
(or mkpasswd
)? Something like a Dovecot users file, or an htaccess file for use with e.g. Lighttpd?
Something like
some_user:$2y$05$ensqtXGZXUf5DQosKk51.utplrWUqkeZzNNI8.lCVT.K86uillL4a
? I suppose some other PAM module could be used by vsftpd in the same way? Thanks for all help!
0 Answers