Discussion:
[Proftpd-user] MD5 Passwords ???
Marco Kruijswijk
2004-02-16 16:10:11 UTC
Hi all,

I thought it would be possible to use MD5 passwords in my MySQL DB for the
authentication of users, but now I have compiled ProFTPD 1.2.8p with
DHAVE_OPENSSL I see that the OpenSSL option for SQLAuthTypes is for a
"base64 encoded binary md5-hash". The problem is that I want to use the same
database for my phpBB forum, so the passwords must be "md5-hashed" only.

Is it possible to use only md5-hashes for the authentication of users with
ProFTPD, or do I have to look at another FTP-server for using this kind of
passes?

Thanks,

Marco

E. Stuart Hicks
2004-02-16 19:28:07 UTC
If all attempts to do it the normal way fail you could try using the module
I made to use PHP's md5 hashes. http://www.binarymagi.com/phpdls/ It's
pretty Frankensteinian but it works great for my purposes.

Stu


Steven Festa
2004-02-16 20:30:40 UTC
Post by Marco Kruijswijk
Hi all,
I thought it would be possible to use MD5 passwords in my MySQL DB for the
authentication of users, but now I have compiled ProFTPD 1.2.8p with
DHAVE_OPENSSL I see that the OpenSSL option for SQLAuthTypes is for a
"base64 encoded binary md5-hash". The problem is that I want to use the same
database for my phpBB forum, so the passwords must be "md5-hashed" only.
Is it possible to use only md5-hashes for the authentication of users with
ProFTPD, or do I have to look at another FTP-server for using this kind of
passes?
I thought that using SQLAuthTypes OpenSSL only allows md5 hashed
passwords. So the password field would look like this:

{MD5}hashvalue

Did you try prepending {MD5} to your current passwords?

Steve
TJ Saunders
2004-02-16 21:01:19 UTC
Post by Steven Festa
I thought that using SQLAuthTypes OpenSSL only allows md5 hashed
passwords.
No. The OpenSSL SQLAuthType allows for any hashes that OpenSSL supports:

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-SQL.html#SQLOpenSSLSQLAuthType

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Universe is change; life is opinion.

-Marcus Aurelius

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
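
Added example (not part of the original thread, and not ProFTPD or phpBB code): the hex MD5 string a PHP application stores and the "base64 encoded binary md5-hash" discussed above are two encodings of the same 16 bytes, so one can be re-encoded into the other without knowing the password. The sketch assumes the stored field has the form {digestname}base64 as described in the thread; the function names and the sample password are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac


def hex_to_openssl_field(hex_digest, digest_name="md5"):
    """Re-encode a hex digest (e.g. a PHP md5() column) as {name}base64."""
    raw = binascii.unhexlify(hex_digest.strip())
    # Reject values whose length cannot be a digest of the named algorithm.
    if len(raw) != hashlib.new(digest_name).digest_size:
        raise ValueError("digest length does not match " + digest_name)
    return "{%s}%s" % (digest_name, base64.b64encode(raw).decode("ascii"))


def check_password(password, stored_field):
    """Verify a password against a {name}base64 field (assumed format)."""
    if not stored_field.startswith("{") or "}" not in stored_field:
        return False  # e.g. a bare hex hash with no digest tag
    name, b64 = stored_field[1:].split("}", 1)
    try:
        stored = base64.b64decode(b64, validate=True)
        computed = hashlib.new(name.lower(), password.encode("utf-8")).digest()
    except ValueError:  # bad base64 or unknown digest name
        return False
    # Constant-time comparison of the raw digest bytes.
    return hmac.compare_digest(stored, computed)


# Constructed sample: the hex string PHP's md5("password") would produce.
SAMPLE_HEX = hashlib.md5(b"password").hexdigest()
SAMPLE_FIELD = hex_to_openssl_field(SAMPLE_HEX)

if __name__ == "__main__":
    print(SAMPLE_HEX, "->", SAMPLE_FIELD)
    print(check_password("password", SAMPLE_FIELD))
```

The same function works for other digests by passing a different digest_name, provided the hex value has the matching length.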
Marco Kruijswijk
2004-02-17 08:02:11 UTC
I have read that document (about mod_sql_mysql) earlier and they encrypt
their password with base64 also ... so it isn't exactly what I want. (btw: I
placed the {md5} tag before the hash, so that isn't the problem).
To E. Stuart Hicks: This could be a solution to my problem indeed, but I saw
that the HTTP Authentication through MySQL is also hard to setup with MD5
passwords. Therefore I think about using the Crypt() function for the
encryption of the passwords. The only question I have is: Is this kind of
encryption safe (so isn't it easy to decrypt, like i.e. base64)?

I shall describe my problem, so it is clear to you all:
I am preparing a server with one MySQL user database, for using as
Authentication DB with Apache / ProFTPD / phpBB-forum / mail-server / Samba
/ OpenSSL.
Which encryption method is the best / safest to use, and is also easy to
implement using the services mentioned above.

I'm sorry, but I'm quite new to Unix and running these services, so excuse
me for the probably simple questions ...

Thanks in advance,

Marco
E. Stuart Hicks
2004-02-17 14:05:33 UTC
Post by Marco Kruijswijk
To E. Stuart Hicks: This could be a solution to my problem indeed, but I saw
that the HTTP Authentication through MySQL is also hard to setup with MD5
passwords. Therefore I think about using the Crypt() function for the
encryption of the passwords. The only question I have is: Is this kind of
encryption safe (so isn't it easy to decrypt, like i.e. base64)?
Last I heard the standard crypt() was still pretty safe. The only time http
auth is restricted to crypt that I know of is when you're using htaccess
files, though, and I wouldn't know how you'd tie them into a mysql database.
Only database-based http auth I've ever seen was done with php header()
calls. The password was returned in a variable so you can run it through
whatever hashing function you like before comparing it to the database.

Stu
Marco Kruijswijk
2004-02-17 19:37:10 UTC
Apache makes use of mod_auth_mysql for using an MySQL DB as backend for
(indeed) HTTP Authentication used with .htaccess, which is (for me) the
easiest way of securing a directory.

But thanks for your information on the crypt() function.
If there is anybody who had bad experiences with crypt(), please let me
know.

Thanks,

Marco
黄志腾
2004-03-17 05:13:01 UTC
I am using proftpd-1.2.9 on Redhat 8 . Recently I met a huge problem, my
ftp server hangs very easily. Only a 40-user limit can bring the system
down. I checked the system log but found nothing special, even the
logfile didn't log when system was down. I don't know what's wrong, may
it be the problem of proftpd? I used to set this machine for a 200-user
& 500KB/s limit and it worked well.

Anybody please help me.
--
黄志腾 <***@newmail.dlmu.edu.cn>
victor
2004-03-17 05:45:01 UTC
you sure it's a 'down'? what did your log say? it sounds more like you
used up the user limit. check your netstat and see if you have 40 people
connected to your FTP service.

Increasing the MaxClients value might fix your problem.

Tor.
--
<!---------------------------------------------
Victor
Development Engineer
Outblaze Ltd
---------------------------------------------->
黄志腾
2004-03-18 00:24:13 UTC
yes, i'm very very sure the ftp server is DOWN. The keyboard and mouse
input got no response at all. :( I will have to reset it, in fact, DELL
POWEREDGE 6500 has no reset button, i've to turn it off and turn on...
what a pity.

The log logged nothing, it seemed it didn't work while the linux system
is down when it's needed most.

Thank you for your reply.
--
黄志腾 <***@newmail.dlmu.edu.cn>
victor
2004-03-18 01:16:07 UTC
So your machine crashed...

My understanding is proftpd is only a user space process, it's rather
unlikely it can crash your machine, at worst it can eat up all your
resource and swap your box to hell, but not freezing your hardware by itself.

IMHO, you should check your kernel and hardware first.

This is my best guess, I hope this does help or maybe someone around can
share some experience.

Tor.
--
<!---------------------------------------------
Victor
Development Engineer
Outblaze Ltd
---------------------------------------------->
黄志腾
2004-03-19 04:41:00 UTC
Thanks, victor. I don't know whether proftpd can crash my machine but if
I use NCFTPD wiz setting to 150 user, my server hasn't crashed. I prefer
proftpd for its highly controllable setting. Yet, I have to find out why
it crashed...all the time.

thank you all.
--
黄志腾 <***@newmail.dlmu.edu.cn>
黄志腾
2004-03-19 05:38:01 UTC
can anyone please give me a 1.2.10CVS version of proftpd? i can't login
onto CVS server.
--
黄志腾 <***@newmail.dlmu.edu.cn>
TJ Saunders
2004-03-18 00:47:04 UTC
Post by 黄志腾
I am using proftpd-1.2.9 on Redhat 8 . Recently I met a huge problem, my
ftp server hangs very easily. Only a 40-user limit can bring the system
down. I checked the system log but found nothing special, even the
logfile didn't log when system was down. I don't know what's wrong, may
it be the problem of proftpd? I used to set this machine for a 200-user
& 500KB/s limit and it worked well.
What does your proftpd.conf look like? What does server debugging output
show?

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Debugging.html

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The secret of illusoriness is in the necessity of a succession of moods
or objects.

-Ralph Waldo Emerson

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
黄志腾
2004-03-18 11:32:04 UTC
here's my proftpd.conf , and the server debugging output shows no
problem while my machine crashed again. if i switch to NCFTPD, it works
fine... the debug message is a little big(> 9MB) so i only attach the
last few lines.

# global settings for entire site
ServerName "ftpm.dlmu.edu.cn<202.118.85.185>"
ServerType standalone
ServerIdent off
DefaultServer on
DefaultRoot /opt/

# h add <to make connection faster>
IdentLookups off
UseReverseDNS off

# h add <to ease the ASCII File Remote Compromise Vulnerability>
RootRevoke on

# h add <to try to deal with the scoreboard corruption problem>
#ScoreboardFile /var/run/proftpd/proftpd.scoreboard

# h add <to enable anonymous login>
RequireValidShell off

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
# h change 022--->002
Umask 002

# h <system LOG setting>
# this ftp's log files are in /var/log/proftpd/
SystemLog /var/log/proftpd/ftp.log
TransferLog none
# h <log format>
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

#ExtendedLog /var/log/proftpd/user.log auth
ExtendedLog /var/log/proftpd/write.log write
# h <some time setting>
TimeoutLogin 60
TimeoutIdle 60
TimeoutNoTransfer 60
TimeoutStalled 300

TimesGMT off

# h <some access control>
RootLogin off
<LIMIT Login>
Order deny,allow
黄志腾
2004-03-20 03:11:02 UTC
here's my proftpd.conf , and the server debugging output shows no
problem while my machine crashed again. if i switch to NCFTPD, it works
fine... the debug message is a little big(> 9MB) so i only attach the
last few lines.

# global settings for entire site
ServerName "ftpm.dlmu.edu.cn<202.118.85.185>"
ServerType standalone
ServerIdent off
DefaultServer on
DefaultRoot /opt/

# h add <to make connection faster>
IdentLookups off
UseReverseDNS off

# h add <to ease the ASCII File Remote Compromise Vulnerability>
RootRevoke on

# h add <to try to deal with the scoreboard corruption problem>
#ScoreboardFile /var/run/proftpd/proftpd.scoreboard

# h add <to enable anonymous login>
RequireValidShell off

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
# h change 022--->002
Umask 002

# h <system LOG setting>
# this ftp's log files are in /var/log/proftpd/
SystemLog /var/log/proftpd/ftp.log
TransferLog none
# h <log format>
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

#ExtendedLog /var/log/proftpd/user.log auth
ExtendedLog /var/log/proftpd/write.log write
# h <some time setting>
TimeoutLogin 60
TimeoutIdle 60
TimeoutNoTransfer 60
TimeoutStalled 300

TimesGMT off

# h <some access control>
RootLogin off
<LIMIT Login>
Order deny,allow
黄志腾
2004-04-02 12:32:09 UTC
My newly installed ftp server using Proftpd1.2.9 encountered a strange
problem. It auto reset user's connection! I tried many times and could
not find out whether this kind of problem happened in a fixed sequence(by
time) or flow(by ratio). And I found out it had no business with ftp
client I use. Also, before I upgraded my server to 1.2.9,
proftpd(version came wiz SUSE 7.2) worked quite well(this machine hadn't
been restarted for 104 days until I upgraded).

Does anyone meet this problem before? I attached a ftp client log in
this mail.
--
黄志腾 <***@newmail.dlmu.edu.cn>