# Authentication is decided by PAM alone; mod_sql only supplies the account
# record (uid, gid, home directory, shell). The "*" after mod_auth_pam.c marks
# it as authoritative: when PAM rejects a login, mod_sql is not asked to
# authenticate it.
AuthOrder mod_auth_pam.c* mod_sql.c

AuthPAM on
# Name of the PAM service file under /etc/pam.d used for the proftpd access check.
AuthPAMConfig ftp-upload

# /etc/pam.d/ftp-upload looks like this:
#auth required /home/user/projects/pam_firstcomefirstserve/pam_firstcomefirstserve.so /home/user/projects/pam_firstcomefirstserve/proftpd_test_2/auth.db /srv/testupload 65534 65534
#account required pam_permit.so
#password required pam_permit.so
#session required pam_permit.so

# pam_firstcomefirstserve.so manages the passwords and creates the home
# directories with the uid/gid given on the auth line.
# NOTE(review): the module and auth.db paths above are under a home directory
# (test layout). A PAM module runs inside the proftpd process, so outside a
# test setup keep the .so and the database in root-owned locations that no
# other account can write to.

# PAM does not provide user information, so mod_sql is configured to supply it.
SQLAuthenticate users
SQLBackend sqlite
# Any SQLite database will do: the query below returns constants only and
# reads no table.
SQLConnectInfo /home/user/projects/pam_firstcomefirstserve/proftpd_test_2/auth.db
SQLEngine auth
SQLUserInfo custom:/get-user-by-name
# The account row is synthesised from the login name (%U): every user maps to
# uid/gid 65534 with home /srv/testupload/<name>. The constant password
# 'hunter2' does not work for login, because the "*" in AuthOrder means PAM
# authentication has to succeed.
# NOTE(review): this protection depends entirely on the AuthOrder line. If the
# "*" is dropped or the module order changes, the constant could become a
# working password for every account; re-test after any AuthOrder edit, and
# consider returning a value that cannot match.
# NOTE(review): %U is the client-supplied name and becomes part of the home
# path. Confirm that the PAM module rejects names containing "/" or "..".
SQLNamedQuery get-user-by-name select "'%U','hunter2',65534,65534,'/srv/testupload/%U','/bin/sh'"

# Chroot each session into its home directory. All accounts share uid/gid
# 65534, so file permissions do not separate them: this chroot is the only
# thing that stops users from accessing each other's files.
DefaultRoot ~

# Uncomment to trace authentication while debugging.
#Trace auth:10 auth.pam:10
#TraceLog /dev/tty