RE: secure way for users webpage uploads
> -----Mensaje original-----
> De: A. Vije [mailto:linuxinfo@linuxinfo.nl]
> Enviado el: lunes, 17 de julio de 2000 19:02
> Para: Joaquin Ferrero
> Asunto: RE: secure way for users webpage uploads
>
>
> I`m sorry to bother you but since i soon have to manage a complete set of
> webservers i have some questions for you:
>
> Are you using mysql also for user authentication when the logon?
> if so: do you know some documentation that covers these settings?
>
> On Mon, 17 Jul 2000, Joaquin Ferrero wrote:
> > I use proftpd with mysql users auth:
> >
> > /etc/proftpd.conf:
> > --------------------------------------------------
> > <Directory /*>
> > AllowOverwrite on
> > HideNoAccess
> > HideUser root
> > HideGroup root
> > <LIMIT READ>
> > IgnoreHidden on
> > </LIMIT>
> > </Directory>
> >
> > DefaultRoot ~/public_html users,!www
> >
> > MySQLInfo localhost webuser epf83hjr http_auth
> > SQLUserTable mysql_auth
> > SQLUsernameField username
> > SQLPasswordField passwd
> > SQLEncryptedPasswords on
> > --------------------------------------------------
> >
> > The most important:
> >
> > DefaultRoot ~/public_html users,!www
> >
> > permit users (group users) view yours public_html, and no more.
> > And administrators (group www) can view others dirs.
> >
> >
> > Joaquin Ferrero
> > explorer@pucela.net
> >
I use mysql for:
1. Imap authetication via pam (with pam_mysql)
/etc/pam.d/imap:
auth required pam_mysql.so host=localhost database=http_auth user=webuser password=epf83hjr table=mysql_auth usercol=username
passwordcol=passwd crypt=n
2. Ftp (proftpd) with the sample mailed
3. Web (apache), with /etc/apache/http.conf:
---------------------------------------------------
LoadModule auth_mysql_module /usr/lib/apache/1.3/mod_auth_mysql.so
<Directory /home/atari/public_html/pruebas>
Auth_MySQL_Password_Table mysql_auth
Auth_MySQL_Encrypted_Passwords on
</Directory>
# Autenticación por mysql
Auth_MySQL_Info localhost webuser epf83hjr
Auth_MySQL_General_DB http_auth
---------------------------------------------------
This authetication is for dirs with .htaccess files
Really, with pam_mysql can authenticate many services...
Web address...
web:
http://www.mysql.com/downloads/contrib.html
mysql:
http://bourbon.netvision.net.il/mysql/mod_auth_mysql/
pam_mysql:
https://sourceforge.net/projects/pam-mysql/ (not supported!!)
But is not easy...
I needed edit & compile the pam_mysql v0.2 (because I dont like your auth system).
And edit & compile the proftpd package, because the standard proftpd distribution dont have mysql & pam support.
And download the mysql & pam sources (I needed yours libs for the previous compiles).
TODO:
sendmail+mysql...
http://sendmail.jacked-in.org/
but have patchs very, very large :(
Joaquin Ferrero
explorer@pucela.net
Reply to:
- Follow-Ups:
- only POP3
- From: Aubert Gabor <aboy@d-eyes.pganet.com>