Discussion:
[Proftpd-user] mod_sql and shadow passwords
Steven Festa
2004-02-14 18:22:02 UTC
Greetings Everyone,

I've searched the archives and googled for a solution, however it is not
resolved. I am in the process of cutting over authentication to mysql. I
compiled proftpd with mod_sql_mysql and OpenSSL and everything works fine,
however OpenSSL only accepts md5 hash for passwords. My current passwords
are in unix shadow md5 format ($1$....). Is it possible to get mod_sql to
use the unix format? I really don't want to force a password change for
350 users.
Any suggestions are much appreciated.

Steve
TJ Saunders
2004-02-15 17:32:10 UTC
Post by Steven Festa
I've searched the archives and googled for a solution, however it is not
resolved. I am in the process of cutting over authentication to mysql. I
compiled proftpd with mod_sql_mysql and OpenSSL and everything works fine,
however OpenSSL only accepts md5 hash for passwords. My current passwords
are in unix shadow md5 format ($1$....). Is it possible to get mod_sql to
use the unix format? I really don't want to force a password change for
350 users.
To do this, make sure your SQLAuthTypes configuration directive includes
the "Crypt" type:

http://www.castaglia.org/proftpd/modules/mod_sql.html#SQLAuthTypes

Hope this helps,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mediocrity knows nothing higher than itself, but talent instantly recognizes
genius.

-Sir Arthur Conan Doyle

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Steven Festa
2004-02-15 19:13:34 UTC
Post by TJ Saunders
Post by Steven Festa
I've searched the archives and googled for a solution, however it is not
resolved. I am in the process of cutting over authentication to mysql. I
compiled proftpd with mod_sql_mysql and OpenSSL and everything works fine,
however OpenSSL only accepts md5 hash for passwords. My current passwords
are in unix shadow md5 format ($1$....). Is it possible to get mod_sql to
use the unix format? I really don't want to force a password change for
350 users.
To do this, make sure your SQLAuthTypes configuration directive includes
http://www.castaglia.org/proftpd/modules/mod_sql.html#SQLAuthTypes
I have SQLAuthTypes set to "Crypt", I can't login using md5 passwords only
standard crypt passwords. I've tried with OpenSSL but that wants the hash
value of the md5 password. Is there something I am doing wrong?

Steve
TJ Saunders
2004-02-15 19:33:23 UTC
Post by Steven Festa
I have SQLAuthTypes set to "Crypt", I can't login using md5 passwords only
standard crypt passwords. I've tried with OpenSSL but that wants the hash
value of the md5 password. Is there something I am doing wrong?
You can use multiple auth types, e.g.:

SQLAuthTypes Crypt OpenSSL

which will cause mod_sql to try crypt() first, then the OpenSSL format.

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The strongest man in the world is the one who stands alone.

-Henrik Ibsen

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Steven Festa
2004-02-16 01:11:01 UTC
Post by TJ Saunders
Post by Steven Festa
I have SQLAuthTypes set to "Crypt", I can't login using md5 passwords only
standard crypt passwords. I've tried with OpenSSL but that wants the hash
value of the md5 password. Is there something I am doing wrong?
SQLAuthTypes Crypt OpenSSL
which will cause mod_sql to try crypt() first, then the OpenSSL format.
I tried what you recommended but still can get authenticated with shadow
style passwords. And it is impossible to convert md5 to crypt. Is anyone
using md5 shadow style passwds?

Steve
TJ Saunders
2004-02-16 01:18:02 UTC
Post by Steven Festa
I tried what you recommended but still can get authenticated with shadow
style passwords.
What does server debugging output show when you try this? What does the
SQLLogFile show?

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Drink to me only with thine eyes,
And I will pledge with mine;
Or leave a kiss but in the cup
And I'll not look for wine.

-Ben Jonson

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Steven Festa
2004-02-16 01:41:10 UTC
Post by TJ Saunders
Post by Steven Festa
I tried what you recommended but still can get authenticated with shadow
style passwords.
What does server debugging output show when you try this? What does the
SQLLogFile show?
I figured it out. Sorry for all the questions, I really appreciate the
help you offered. Anyway, the passwd field in ftpuser was varchar(32). Md5
passwords are a 34 character string beginning with $1$. I should have
thought to look there earlier. I completely overlooked this in the docs.

To create a user table:

CREATE TABLE users (userid VARCHAR(30) NOT NULL UNIQUE, passwd
VARCHAR(80) NOT NULL, uid INTEGER UNIQUE, gid INTEGER, homedir
VARCHAR(255), shell VARCHAR(255))

Thanks Again :)

Steve
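
The root cause found above (a 34-character $1$ hash stored in a VARCHAR(32) column) can be audited for directly. The following is an added example, not part of the original thread or of ProFTPD: it checks stored values against the crypt(3) hash layouts, going beyond the thread's MD5 case to also cover DES, SHA-256 and SHA-512 crypt. The sample hashes are constructed placeholders, and the function names are hypothetical.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and digests

# Regex for a complete (untruncated) hash of each scheme.
FORMATS = {
    "des": re.compile(rf"^{B64}{{13}}$"),
    "md5-crypt": re.compile(rf"^\$1\${B64}{{0,8}}\${B64}{{22}}$"),
    "sha256-crypt": re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{43}}$"),
    "sha512-crypt": re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{86}}$"),
}
PREFIXES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}


def classify(stored):
    """Return (scheme, ok); ok is False if the value is truncated or malformed."""
    for prefix, scheme in PREFIXES.items():
        if stored.startswith(prefix):
            return scheme, bool(FORMATS[scheme].match(stored))
    if FORMATS["des"].match(stored):
        return "des", True
    return "unknown", False


def audit(rows):
    """Return [(userid, scheme)] for every stored value that cannot verify."""
    bad = []
    for userid, stored in rows:
        scheme, ok = classify(stored)
        if not ok:
            bad.append((userid, scheme))
    return bad


# Constructed placeholders with the right shape; not hashes of real passwords.
MD5_SAMPLE = "$1$" + "abcdefgh" + "$" + "ABCDEFGHIJKLMNOPQRSTUV"  # 34 chars
DES_SAMPLE = "ab" + "CDEFGHIJKLM"                                 # 13 chars

# Assumption: the database cut over-long values to the column width.
ROWS = [
    ("alice", MD5_SAMPLE[:32]),  # as stored in the old VARCHAR(32) column
    ("bob", DES_SAMPLE[:32]),    # DES crypt fits, so it kept working
    ("carol", MD5_SAMPLE[:80]),  # as stored in a VARCHAR(80) column
]

if __name__ == "__main__":
    for userid, scheme in audit(ROWS):
        print(f"{userid}: {scheme} value is truncated or malformed")
```

This also explains the symptom reported earlier in the thread: 13-character standard crypt values fit in 32 characters and kept authenticating, while every $1$ value lost its last two characters and could never match.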
