</Global><br>
<br>
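Format:<br>
SQLConnectInfo database@hostname:port user password<br>
SQLAuthTypes password type (Plaintext: plaintext password; Crypt: DES password; Backend: password produced by the MySQL password() function)<br>
SQLUserInfo [user table] [username field] [password field] [user ID] [group ID] [home directory] NULL<br>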
<br>
Create the ftpusers.sql file<br>
[mysql@linux mysql]$ vi ftpusers.sql<br>
-- MySQL dump 8.22<br>
--<br>
-- Host: localhost Database: proftpd<br>
---------------------------------------------------------<br>
-- Server version 3.23.52-max<br>
<br>
--<br>
-- Table structure for table 'groups'<br>
--<br>
<br>
CREATE TABLE groups (<br>
groupname varchar(255) binary NOT NULL default '',<br>
gid int(11) NOT NULL default '0',<br>
members text NOT NULL,<br>
PRIMARY KEY (groupname)<br>
) TYPE=MyISAM;<br>
<br>
--<br>
-- Dumping data for table 'groups'<br>
--<br>
<br>
<br>
INSERT INTO groups VALUES ('nogroup',502,'FTP Group');<br>
<br>
--<br>
-- Table structure for table 'users'<br>
--<br>
<br>
CREATE TABLE users (<br>
userid varchar(255) binary NOT NULL default '',<br>
passwd varchar(255) binary NOT NULL default '',<br>
uid int(11) default NULL,<br>
gid int(11) default NULL,<br>
homedir varchar(255) default NULL,<br>
shell varchar(255) default NULL,<br>
count int(11) default NULL,<br>
used double(10,1) default '0.0',<br>
quota double(10,1) default '10000000.0',<br>
PRIMARY KEY (userid)<br>
) TYPE=MyISAM;<br>
<br>
--<br>
-- Dumping data for table 'users'<br>
--<br>
<br>
<br>
INSERT INTO users VALUES ('chen','chen',500,500,'/home/samba','/bin/sh',0,0.0,10000000.0);<br>
INSERT INTO users VALUES ('user2','123456',500,500,'/home/samba','/bin/bash',1,0.0,10000000.0);<br>
INSERT INTO users VALUES ('user1','123456',NULL,NULL,'/u01',NULL,1,0.0,10000000.0);<br>
<br>
Create the database and tables<br>
[mysql@linux mysql]$ echo "create database ftpusers" | mysql -uroot -pchen<br>
[mysql@linux mysql]$ mysql -uroot -pchen ftpusers < ftpusers.sql<br>
[mysql@linux mysql]$<br>
<br>
Start ProFTPD again<br>
/usr/local/proftpd/sbin/in.proftpd<br>
This time, log in to the FTP server as a MySQL user<br>
If "230 User xxxxx logged in." is displayed, MySQL authentication succeeded<br>
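<br>
An added example (not from the original page or the ProFTPD project): a check that sorts the passwd values in an ftpusers.sql dump by the SQLAuthTypes format they match, so rows stored in the clear can be found. The demo1 and demo2 rows and the function names are constructed for illustration, and the shape test is a heuristic.<br>

```python
import re

# Constructed sample: the first three rows come from ftpusers.sql above; the demo*
# rows are made-up values in the Crypt and Backend formats, added for contrast.
SAMPLE_SQL = """\
INSERT INTO users VALUES ('chen','chen',500,500,'/home/samba','/bin/sh',0,0.0,10000000.0);
INSERT INTO users VALUES ('user2','123456',500,500,'/home/samba','/bin/bash',1,0.0,10000000.0);
INSERT INTO users VALUES ('user1','123456',NULL,NULL,'/u01',NULL,1,0.0,10000000.0);
INSERT INTO users VALUES ('demo1','sa7XjjlytXZZ2',NULL,NULL,'/u01',NULL,1,0.0,10000000.0);
INSERT INTO users VALUES ('demo2','0123456789abcdef',NULL,NULL,'/u01',NULL,1,0.0,10000000.0);
"""

# Captures the first two columns (userid, passwd) of each INSERT row.
ROW = re.compile(r"INSERT INTO users VALUES \('([^']*)','([^']*)'")

# Value shapes for the non-plaintext SQLAuthTypes. Heuristic: a plaintext password
# that happens to have one of these shapes would be misclassified.
SHAPES = [
    ("Backend", re.compile(r"[0-9a-f]{16}|\*[0-9A-F]{40}")),  # MySQL PASSWORD(): pre-4.1 or 4.1+
    ("Crypt", re.compile(r"[./0-9A-Za-z]{13}")),              # traditional DES crypt(3)
]

def classify(passwd):
    """Return the SQLAuthTypes name whose stored format matches this value."""
    for name, shape in SHAPES:
        if shape.fullmatch(passwd):
            return name
    return "Plaintext"

def audit_dump(sql):
    """Map each userid to (auth type, list of findings)."""
    report = {}
    for userid, passwd in ROW.findall(sql):
        kind, findings = classify(passwd), []
        if kind == "Plaintext":
            findings.append("stored in clear")
            if passwd == userid:
                findings.append("password equals userid")
        report[userid] = (kind, findings)
    return report

if __name__ == "__main__":
    for user, (kind, findings) in audit_dump(SAMPLE_SQL).items():
        print(user, kind, "; ".join(findings))
```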
<br>
3. ProFTPD + OpenLDAP<br>
<br>
tar xvzf proftpd-version.tar.gz<br>
cd proftpd-version<br>
./configure --prefix=/usr/local/proftpd --with-modules=mod_ldap<br>
make<br>
make install<br>
<br>
# tar zxvf mod_ldap-2.8.10.tar.gz<br>
<br>
Copy the posixAccount-objectclass and posixGroup-objectclass files from the mod_ldap-2.8.10 directory<br>
into the OpenLDAP schema directory:<br>
<br>
# cp mod_ldap-2.8.10/posix* /etc/openldap/schema/<br>
# vi /etc/openldap/slapd.conf<br>
Edit the OpenLDAP configuration file slapd.conf so that it includes these two files:<br>
include /etc/openldap/schema/posixAccount-objectclass<br>
include /etc/openldap/schema/posixGroup-objectclass<br>
Restart OpenLDAP:<br>
# service ldap restart<br>
Stopping slapd: [ OK ]<br>
Starting slapd: [ OK ]<br>
<br>
Edit the proftpd.conf file<br>
vi /usr/local/proftpd/etc/proftpd.conf<br>
Add the following directives<br>
<br>
<Global><br>
LDAPServer localhost<br>
LDAPDNInfo cn=your-dn,dc=horde,dc=net dnpass<br>
LDAPDoAuth on "dc=users,dc=horde,dc=net"<br>
</Global><br>
<br>
Format:<br>
LDAPServer OpenLDAP server<br>
LDAPDNInfo cn=your-dn,dc=domain,dc=domain dn-password<br>
LDAPDoAuth on "dc=domain,dc=domain"<br>
Example:<br>
<Global><br>
LDAPServer localhost<br>
LDAPDNInfo cn=manager,dc=xuser,dc=net secret<br>
LDAPDoAuth on dc=xuser,dc=net<br>
</Global><br>
<br>
Modify the group-ldif and user-ldif files in the mod_ldap-2.8.10 directory as needed, then add the entries to OpenLDAP:<br>
<br>
# ldapadd -x -D "cn=manager,dc=xuser,dc=net" -w secret -f group-ldif<br>
# ldapadd -x -D "cn=manager,dc=xuser,dc=net" -w secret -f user-ldif<br>
<br>
The output adding new entry "cn=mygroup, dc=xuser, dc=net" means the entry was added successfully<br>
Use ldapsearch to view the records<br>
# ldapsearch -x -b "dc=xuser,dc=net"<br>
<br>
Start ProFTPD:<br>
/usr/local/proftpd/sbin/in.proftpd<br>
Log in to the FTP server as an OpenLDAP user<br>
If "230 User xxxxx logged in." is displayed, OpenLDAP authentication succeeded<br>
<br>
Example:<br>
[root@linux mod_ldap-2.8.10]# cat group-ldif<br>
dn: cn=mygroup, dc=xuser, dc=net<br>
objectclass: posixGroup<br>
cn: mygroup<br>
gidNumber: 100<br>
memberUid: user1<br>
memberUid: user2<br>
memberUid: user3<br>
memberUid: user4<br>
memberUid: ftpusersb<br>
memberUid: usera<br>
memberUid: jwm<br>
memberUid: 100<br>
[root@linux mod_ldap-2.8.10]# cat user-ldif<br>
dn: uid=jwm, dc=xuser, dc=net<br>
objectclass: posixAccount<br>
cn: John Morrissey<br>
uid: jwm<br>
uidNumber: 2000<br>
gidNumber: 100<br>
homeDirectory: /home/chen<br>
userPassword: {crypt}*<br>
loginShell: /bin/bash<br>
<br>
dn: uid=chen, dc=xuser, dc=net<br>
objectclass: posixAccount<br>
cn: chen<br>
uid: chen<br>
uidNumber: 2000<br>
gidNumber: 100<br>
homeDirectory: /home/chen<br>
userPassword: {crypt}sa7XjjlytXZZ2<br>
loginShell: /bin/bash<br>
<br>
dn: cn=ftpuser1, dc=xuser, dc=net<br>
objectclass: posixAccount<br>
cn: ftpuser1<br>
uid: ftpuser1<br>
uidNumber: 2000<br>
gidNumber: 100<br>
homeDirectory: /home/chen<br>
userPassword: {crypt}sa7XjjlytXZZ2<br>
loginShell: /bin/bash<br>
<br>
dn: uid=usera, dc=xuser, dc=net<br>
objectclass: posixAccount<br>
cn: usera<br>
uid: usera<br>
uidNumber: 2000<br>
gidNumber: 100<br>
homeDirectory: /tmp<br>
userPassword: {crypt}sa7XjjlytXZZ2<br>
loginShell: /bin/bash<br>
<br>
dn: uid=ftpuserb, dc=xuser, dc=net<br>
objectclass: posixAccount<br>
cn: ftpuserb<br>
uid: ftpuserb<br>
uidNumber: 2000<br>
gidNumber: 100<br>
homeDirectory: /tmp<br>
userPassword: {crypt}O2BooHEK9JI06<br>
loginShell: /bin/bash<br>
<br>
The user passwords above are hashed with crypt; they can be generated as follows<br>
Generate with PHP:<br>
# cat des.php<br>
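<html><br>
<p>DES 密碼產生器</p><br>
<form method=post action=des.php><br>
<p>password:<input name=passwd type=text size=20></p><br>
<input type=submit value=submit><br>
</form><br>
<?php<br>
// Read the submitted value from $_POST; register_globals no longer exists.<br>
if (isset($_POST['passwd'])) {<br>
    // A two-character salt selects traditional DES crypt, matching the {crypt} values above.<br>
    $chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';<br>
    $salt = $chars[random_int(0, 63)] . $chars[random_int(0, 63)];<br>
    $enpw = crypt($_POST['passwd'], $salt);<br>
    echo "password is: $enpw";<br>
}<br>
?><br>
</html><br>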
Generate with Perl:<br>
perl -e 'print("userPassword: ".crypt("secret","salt")."\n");'<br>
The generated DES password can also be used as the OpenLDAP administrator password<br>
# vi /etc/openldap/slapd.conf<br>
rootpw {crypt}ijFYNcSNctBYg<br>
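<br>
An audit of the user-ldif entries above, as an added example (not part of the original page or of mod_ldap): with traditional crypt the two-character salt is the start of the hash, so identical userPassword values mean identical passwords, and every entry above also shares uidNumber 2000. The function names and the abridged sample are assumptions of this example.<br>

```python
import re
from collections import defaultdict

# Constructed sample: four entries abridged from the user-ldif listing above.
SAMPLE_LDIF = """\
dn: uid=jwm, dc=xuser, dc=net
uidNumber: 2000
userPassword: {crypt}*

dn: uid=chen, dc=xuser, dc=net
uidNumber: 2000
userPassword: {crypt}sa7XjjlytXZZ2

dn: uid=usera, dc=xuser, dc=net
uidNumber: 2000
userPassword:{crypt}sa7XjjlytXZZ2

dn: uid=ftpuserb, dc=xuser, dc=net
uidNumber: 2000
userPassword:{crypt}O2BooHEK9JI06
"""

DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")  # 2-char salt + 11-char hash

def parse_ldif(text):
    """Split on blank lines; return one {attribute: value} dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        entries.append({k.strip(): v.strip() for k, v in pairs})
    return entries

def audit(entries):
    """Group accounts by shared uidNumber, shared hash and unusable hash."""
    by_uid, by_hash, locked = defaultdict(list), defaultdict(list), []
    for e in entries:
        name = e["dn"].split(",")[0]            # first RDN, e.g. "uid=chen"
        by_uid[e["uidNumber"]].append(name)
        value = re.sub(r"^\{crypt\}", "", e["userPassword"], flags=re.I)
        if DES_CRYPT.fullmatch(value):
            by_hash[value].append(name)         # same hash => same salt and same password
        else:
            locked.append(name)                 # e.g. "*" can never equal a crypt() result
    dup = lambda d: {k: v for k, v in d.items() if len(v) > 1}
    return {"shared_uid": dup(by_uid), "shared_hash": dup(by_hash), "locked": locked}

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```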
4. Standard configuration file<br>
MySQL authentication configuration example<br>
[root@linux root]# cat /usr/local/proftpd/etc/proftpd.conf<br>
ServerName "ProFTPD Default Installation"<br>
ServerType standalone<br>
DefaultServer on<br>
<br>
# Port 21 is the standard FTP port.<br>
Port 21<br>
<br>
# Umask 022 is a good standard umask to prevent new dirs and files<br>
# from being group and world writable.<br>
Umask 022<br>
<br>
# We put our mod_sql directives in a <Global> block so they'll be<br>
# inherited by the <Anonymous> block below, and any other <VirtualHost><br>
# blocks we may want to add. For a simple server these don't need to<br>
# be in a <Global> block but it won't hurt anything.<br>
<Global><br>
SQLConnectInfo ftpusers@localhost:3306 root chen<br>
SQLAuthTypes Plaintext<br>
SQLUserInfo users userid passwd uid gid homedir NULL<br>
RequireValidShell off<br>
SQLAuthenticate users groups usersetfast groupsetfast<br>
</Global><br>
# To prevent DoS attacks, set the maximum number of child processes<br>
# to 30. If you need to allow more than 30 concurrent connections<br>
# at once, simply increase this value. Note that this ONLY works<br>
# in standalone mode, in inetd mode you should use an inetd server<br>
# that allows you to limit maximum number of processes per service<br>
# (such as xinetd)<br>
MaxInstances 30<br>
<br>
# Set the normal user and group permissions for the server.<br>
User nobody<br>
Group nogroup<br>
<br>
# Normally, we want files to be overwriteable.<br>
<Directory /*><br>
AllowOverwrite on<br>
</Directory><br>
<br>
# A basic anonymous configuration, no upload directories. If you<br>
# don't want to support anonymous access, simply remove this<br>
# <Anonymous ..> ... </Anonymous> block.<br>
<br>
<Anonymous ~ftp><br>
User ftp<br>
Group ftp<br>
# We want clients to be able to login with "anonymous" as well as "ftp"<br>
UserAlias anonymous ftp<br>
<br>
# Limit the maximum number of anonymous logins<br>