Jun 11, 2011

Implement Virtual Users for FTP authentication


Implement Virtual Users for VSFTPD Server authentication


Release:
Redhat Enterprise Linux 5.x
Berkeley DB 4.7.25

Problem:
Create a virtual user database and authenticate FTP server (vsftpd service) logins against those virtual users.

Solution:

1) First configure the VSFTPD server and make sure the vsftpd service is running

2) Install the required RPMs

# yum install db4-utils

3) Download the Berkeley DB from the below URL


4) Install the Berkeley DB program on the server

# cd /tmp
# tar -xvf db-4.7.25.tar.tar
# cd db-4.7.25/build_unix/
# ../dist/configure
# make
# make install


Create the Virtual User database:

5) Create a text file with the virtual users' username and password information, like the one below (each username on one line, followed by its password on the next).

# vi login.txt
testuser
12345
user1
12345

6) Create the database file using the “db_load” command.

# db_load -T -t hash -f login.txt /etc/vsftpd/login.db

7) Optionally restrict the permissions of the db file so that only its owner can read and write it.

# chmod 600 /etc/vsftpd/login.db

8) Edit the PAM configuration file to use the created db file.

# vi /etc/pam.d/vsftpd
session include system-auth
auth required pam_userdb.so db=/etc/vsftpd/login
account required pam_userdb.so db=/etc/vsftpd/login
session required pam_loginuid.so

9) Create a location for the virtual users

# useradd -d /var/ftp/virtualuser virtual

10) Edit the configuration file to use the virtual users

# vi /etc/vsftpd/vsftpd.conf

guest_enable=YES
guest_username=virtual

Note: With the above two lines, all virtual users are directed to the “/var/ftp/virtualuser” directory. Alternatively, it is also possible to chroot every user. Add the entries below so that every user logs in to their own directory.

# vi /etc/vsftpd/vsftpd.conf

virtual_use_local_privs=YES
write_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
hide_ids=YES
guest_enable=YES

11) Restart the ftp service on the server.

# service vsftpd restart

12) Now, from the client, try to log in using a virtual username and password

$ ftp ftpserver
Connected to ftpserver.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (sbssdb5:query1): testuser
331 Please specify the password.
Password: 12345
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Ftp>
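
For steps 5 to 7, an added example (not part of the original post): a shell helper that checks the alternating username/password file before it is passed to db_load, then rebuilds the database with owner-only permissions. The function names check_login_file and build_login_db are assumptions of this example; the db_load options are the ones used in step 6.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# check_login_file FILE
# The db_load -T input is line pairs: odd line = username, even line = password.
# Prints each problem found; returns 0 only when the file is safe to load.
check_login_file() {
    awk '
        /\r$/       { printf "line %d: DOS line ending would be stored in the value\n", NR; bad = 1 }
        $0 == ""    { printf "line %d: empty line would load as an empty username or password\n", NR; bad = 1 }
        NR % 2 == 1 { if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
                      seen[$0] = 1 }
        END         { if (NR == 0 || NR % 2) { print "file is empty or the last user has no password"; bad = 1 }
                      exit bad + 0 }
    ' "$1"
}

# build_login_db TXT DB
# DB is the full file name (for example /etc/vsftpd/login.db as in step 6).
build_login_db() {
    check_login_file "$1" || return 1
    rm -f "$2.new"
    # umask 077 so the new file is never group/world readable, even briefly.
    ( umask 077 && db_load -T -t hash -f "$1" "$2.new" ) || return 1
    # Swap in a freshly built file: loading into the existing db would keep
    # users that were deleted from the text file.
    mv -f "$2.new" "$2"
    # Both files hold the passwords in clear text (step 8 sets no crypt=
    # option on pam_userdb), so neither should be readable by other users.
    chmod 600 "$1" "$2"
}

# Run as: sh build_login_db.sh login.txt /etc/vsftpd/login.db
if [ "$#" -eq 2 ]; then
    build_login_db "$1" "$2"
fi
```
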




