Sophie

Sophie

distrib > Fedora > 14 > x86_64 > media > updates > by-pkgid > 8f7c9a275934eff59b20e5b18a0129a0 > files > 91

proftpd-1.3.3g-1.fc14.x86_64.rpm

<!-- $Id: mod_sql_passwd.html,v 1.8 2010/02/01 19:30:13 castaglia Exp $ -->
<!-- $Source: /cvsroot/proftp/proftpd/doc/contrib/mod_sql_passwd.html,v $ -->

<html>
<head>
<title>ProFTPD module mod_sql_passwd</title>
</head>

<body bgcolor=white>

<hr>
<center>
<h2><b>ProFTPD module <code>mod_sql_passwd</code></b></h2>
</center>
<hr><br>

<p>
Many FTP sites use SQL databases for storing user accounts, including the
user name and password.  And while the <code>mod_sql</code> module provides
support for some formats for the passwords stored in SQL databases, many
sites have other formats which are <i>not</i> supported by <code>mod_sql</code>.
These other formats often include MD5 or SHA1 passwords, base64-encoded
or hex-encoded, <i>without</i> the prefix which is required by
<code>mod_sql</code>'s "OpenSSL" <code>SQLAuthType</code>.

<p>
The <code>mod_sql_passwd</code> module provides support for some of these
other formats.  When the <code>mod_sql_passwd</code> module is enabled,
you can configure <code>SQLAuthTypes</code> of "MD5", "SHA1", "SHA256", or
"SHA512", as well as the existing types supported by <code>mod_sql</code>.

<p>
This module is contained in the <code>mod_sql_passwd.c</code> file for
ProFTPD 1.3.<i>x</i>, and is not compiled by default.  Installation
instructions are discussed <a href="#Installation">here</a>; a discussion
on <a href="#Usage">usage</a> is also available.

<p>
This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/).

<p>
This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com).

<p>
The most current version of <code>mod_sql_passwd</code> is distributed with
ProFTPD.

<h2>Author</h2>
<p>
Please contact TJ Saunders &lt;tj <i>at</i> castaglia.org&gt; with any
questions, concerns, or suggestions regarding this module.

<h2>Directives</h2>
<ul>
  <li><a href="#SQLPasswordEncoding">SQLPasswordEncoding</a>
  <li><a href="#SQLPasswordEngine">SQLPasswordEngine</a>
  <li><a href="#SQLPasswordSaltFile">SQLPasswordSaltFile</a>
  <li><a href="#SQLPasswordUserSalt">SQLPasswordUserSalt</a>
</ul>

<hr>
<h2><a name="SQLPasswordEncoding">SQLPasswordEncoding</a></h2>
<strong>Syntax:</strong> SQLPasswordEncoding <em>encoding</em><br>
<strong>Default:</strong> <em>hex</em><br>
<strong>Context:</strong> &quot;server config&quot;, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><em></em><br>
<strong>Module:</strong> mod_sql_passwd<br>
<strong>Compatibility:</strong> 1.3.3rc2 and later

<p>
The <code>SQLPasswordEncoding</code> directive configures the encoding that
<code>mod_sql_passwd</code> expects when handling password values retrieved
from a SQL database.

<p>
The following <em>encoding</em> values are currently supported:
<ul>
  <li>base64
  <li>hex (<i>for lowercase hex values</i>)
  <li>HEX (<i>for uppercase hex values</i>)
</ul>

<p>
If no <code>SQLPasswordEncoding</code> directive is configured,
<code>mod_sql_passwd</code> will use "hex" by default.

<hr>
<h2><a name="SQLPasswordEngine">SQLPasswordEngine</a></h2>
<strong>Syntax:</strong> SQLPasswordEngine <em>on|off</em><br>
<strong>Default:</strong> <em>off</em><br>
<strong>Context:</strong> &quot;server config&quot;, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code>
<strong>Module:</strong> mod_sql_passwd<br>
<strong>Compatibility:</strong> 1.3.3rc2 and later

<p>
The <code>SQLPasswordEngine</code> directive enables or disables the module's
registered <code>SQLAuthType</code> handlers.

<hr>
<h2><a name="SQLPasswordSaltFile">SQLPasswordSaltFile</a></h2>
<strong>Syntax:</strong> SQLPasswordSaltFile <em>path|"none" ["prepend"|"append"]</em><br>
<strong>Default:</strong> <em>none</em><br>
<strong>Context:</strong> &quot;server config&quot;, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code>
<strong>Module:</strong> mod_sql_passwd<br>
<strong>Compatibility:</strong> 1.3.3rc2 and later

<p>
The <code>SQLPasswordSaltFile</code> directive configures a file which contains
salt data.  This salt will be added to the digest, along with the password
sent by the client.  Note that the salt will be used for all users.

<p>
Since many editors will automatically add a newline when writing a file,
the <code>mod_sql_passwd</code> file will automatically trim the last newline
in the salt data, if there is one.  This means that if your salt <b>must</b>
end in a newline character, then your <code>SQLPasswordSaltFile</code> must
contain "<i>salt</i>\n\n".

<p>
When using salted passwords, some systems will <i>prepend</i> the salt as a
prefix to the data, and others will <i>append</i> the salt as a suffix.  The
optional second parameter to <code>SQLPasswordSaltFile</code> controls how
this module will use the salt:
<pre>
  SQLPasswordSaltFile /path/to/salt prepend
</pre>
tells <code>mod_sql_passwd</code> to prepend the salt as a prefix, and:
<pre>
  SQLPasswordSaltFile /path/to/salt append
</pre>
will cause the salt to be appended as a sufix.  <b>Note</b> that the default
behavior is to <i>append</i> the salt as a suffix.

<p>
If no <code>SQLPasswordSaltFile</code> is configured, then no salting is done.

<hr>
<h2><a name="SQLPasswordUserSalt">SQLPasswordUserSalt</a></h2>
<strong>Syntax:</strong> SQLPasswordUserSalt <em>"name"|source ["prepend"|"append"]</em><br>
<strong>Default:</strong> <em>none</em><br>
<strong>Context:</strong> &quot;server config&quot;, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code>
<strong>Module:</strong> mod_sql_passwd<br>
<strong>Compatibility:</strong> 1.3.3 and later

<p>
The <code>SQLPasswordUserSalt</code> directive configures a per-user
salt that will be added to the digest, along with the password sent by the
client.

<p>
If <em>"name"</em> is specified, then the per-user salt data will be the
name of the user logging in.  Alternatively, you can configure a
<code>SQLNamedQuery</code> which returns a single column of a single
row, containing a string to use as the salt data, <i>e.g.</i>:
<pre>
  SQLNamedQuery get-user-salt SELECT "salt FROM user_salts WHERE user_name = '%{0}'"
  SQLPasswordUserSalt sql:/get-user-salt
</pre>

<p>
When using salted passwords, some systems will <i>prepend</i> the salt as a
prefix to the data, and others will <i>append</i> the salt as a suffix.  The
optional second parameter to <code>SQLPasswordUserSalt</code> controls how
this module will use the salt:
<pre>
  SQLPasswordUserSalt name prepend
</pre>
tells <code>mod_sql_passwd</code> to prepend the salt as a prefix, and:
<pre>
  SQLPasswordUserSalt name append
</pre>
will cause the salt to be appended as a sufix.  <b>Note</b> that the default
behavior is to <i>append</i> the salt as a suffix.

<hr>
<h2><a name="Installation">Installation</a></h2>
The <code>mod_sql_passwd</code> module is distributed with ProFTPD.  Simply
follow the normal steps for using third-party modules in proftpd.  The
<code>mod_sql_passwd</code> module requires OpenSSL support, so you <b>must</b>
use the <code>--enable-openssl</code> configuration option.
<b>NOTE</b>: it is <b>important</b> that <code>mod_sql_passwd</code> appear
<i>after</i> <code>mod_sql</code> in your <code>--with-modules</code> configure
option:
<pre>
  ./configure --enable-openssl --with-modules=mod_sql:mod_sql_passwd ...
</pre>
To build <code>mod_sql_passwd</code> as a DSO module:
<pre>
  ./configure --enable-dso --enable-openssl --with-shared=mod_sql_passwd
</pre>
Then follow the usual steps:
<pre>
  make
  make install
</pre>

<p>
For those with an existing ProFTPD installation, you can use the
<code>prxs</code> tool to add <code>mod_sql_passwd</code>, as a DSO module, to
your existing server:
<pre>
  # prxs -c -i -d mod_sql_passwd.c
</pre>

<hr>
<h2><a name="Usage">Usage</a></h2>

<p>
The following examples demonstrate how the <code>mod_sql_passwd</code> can
be used.

<p>
To configure <code>mod_sql_passwd</code> to handle MD5 passwords that are
base64-encoded, use:
<pre>
  &lt;IfModule mod_sql_passwd.c&gt;
    SQLPasswordEngine on
    SQLPasswordEncoding base64
  &lt;/IfModule&gt;

  &lt;IfModule mod_sql.c&gt;
    ...

    # Now that mod_sql_passwd is used, we can configure "MD5" as an
    # SQLAuthType that mod_sql will handle.
    SQLAuthTypes MD5
  &lt;/IfModule&gt;
</pre>

<p>
To have <code>mod_sql_passwd</code> to handle hex-encoded (<i>and</i> in
lowercase) passwords, use:
<pre>
  &lt;IfModule mod_sql_passwd.c&gt;
    SQLPasswordEngine on
    SQLPasswordEncoding hex
  &lt;/IfModule&gt;
</pre>

<p>
And if for some reason your database values are stored as hex values in
uppercase, you would use:
<pre>
  &lt;IfModule mod_sql_passwd.c&gt;
    SQLPasswordEngine on
    SQLPasswordEncoding HEX
  &lt;/IfModule&gt;
</pre>

<p>
To use salted passwords, write the salt to use into a file, and configure
the <code>mod_sql_passwd<code> module to use it:
<pre>
  &lt;IfModule mod_sql_passwd.c&gt;
    SQLPasswordEngine on
    SQLPasswordEncoding hex
    SQLPasswordSaltFile /path/to/salt
  &lt;/IfModule&gt;
</pre>

<p>
<hr><br>

Author: <i>$Author: castaglia $</i><br>
Last Updated: <i>$Date: 2010/02/01 19:30:13 $</i><br>

<br><hr>

<font size=2><b><i>
&copy; Copyright 2009-2010 TJ Saunders<br>
 All Rights Reserved<br>
</i></b></font>

<hr><br>

</body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional