Chapter 8. Authentication

Table of Contents
Password files
Pluggable Authentication Modules (PAM)
Lightweight Directory Access Protocol (LDAP)
Normal users can't login, only anon.
Other authentication methods

One of the core functions of every ftp is how it authenticates it's local users and assigns them the access rights to the ftp filesystem. At the moment Proftpd only supports the standard plaintext USER/PASS authentication interface, there is work underway to support crypted passwords, this will probably surface in the 1.3.x development series and the 1.4.x stable codebase which results from it.

Providing the backend to the user authentication interface there re a host of methods for storing user information and querying these databases of users for valid authentication sequences. The standard in ProFTPD is the Pluggable Authentication Modules system, or PAM. Support is also provided for the classic /etc/passwd and /etc/shadow password files as well as more "interesting" solutions such as SQL and LDAP.

Password files

Three variants on the password file theme are supported by the core Proftpd authentication code, these are /etc/passwd, /etc/shadow and uderdefined files by using the AuthUserFile and AuthGroupFile directives.

Support for passwd and shadow files is simple and well documented and conforms to the accepted standards and methods for handling these authentication sources. It should be noted that Proftpd unless told otherwise, by using "PersistantPassword off" directive, will attempt to open and leave open the passwd file throughout the life of the server process. /etc/passwd /etc/shadow AuthUserFile crypt, code fragment for generating cryoted passwords NIS magic...