Hi All,

We're having problems setting up ftp and authenticating against the postgres 
database.

We've reviewed these pages and a few others:
Galaxy Page:
https://wiki.galaxyproject.org/Admin/Config/UploadviaFTP

Peter Briggs Blog Post:
http://galacticengineer.blogspot.co.uk/2015/02/ftp-upload-to-galaxy-using-proftpd-and.html

Ricardo Perez's Galaxy Developers thread that Peter referenced:
http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295.html

When we run proftpd in debug mode we get similar output to the one in Ricardo's 
thread:

Ricardo's command line output:
login002 proftpd[987] login002 (10.28.56.101[10.28.56.101]): 
mod_sql_passwd/0.4: expected 
'PBKDF2$sha256$10000$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh', got 
'cc0ef515d684386aaa500bf6499d9f512dfb332c'

Our output:
2016-04-20 10:53:42,597 pcegalaxy proftpd[18649] pcegalaxy.ci.northwestern.edu 
(lagunitas.kelleher.northwestern.edu[129.105.112.217]): mod_sql_passwd/0.7: 
expected 'NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu', got 
'g3L81voHwAEh8y0B9qBImZycWgS0w4Z4'

>From looking at the galaxy_user table, it seems like proftpd is finding the 
>correct password information (password in table: 
>PBKDF2$sha256$10000$kgyVpO6N2rWAbeX6$NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu).

The last post from that thread mentions back-channel advice that was helpful. 
Maybe we need the same advice ?

In case it's important we're using LDAP for our general user authentication.

Here is our proftpd.conf:
ServerName                                                        "Galaxy FTP 
File Upload"
ServerType                                                          standalone
DefaultServer                                                     on
PidFile                                                                    
/opt/apps/proftpd/1.3.5/var/proftpd.pid

# Port 21 is the standard FTP port.
Port                                                                         21

# Don't use IPv6 support by default.
UseIPv6                                                                 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                                                                   077

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                                                     30

# Set the user and group under which the server will run.
User                                                                        
nobody
Group                                                                    nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Automatically create home directory if it doesn't exist
CreateHome                      on dirmode 700

# Allow users to overwrite their files
AllowOverwrite                  on

# Allow users to resume interrupted uploads
AllowStoreRestart               on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
  DenyAll
</Limit>

# Do not authenticate against real (system) users
AuthPAM                         off

## Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLPasswordEngine               on

## Set this if Galaxy user UID and/or GID are less than 999
SQLMinID                                         400

## Configuration that handles PBKDF2 encryption
## Set up mod_sql to authenticate against the Galaxy database
SQLEngine                                        on
SQLBackend                                    postgres

SQLConnectInfo                            galaxy_db@localhost:5432 <USERNAME> 
<PASSWORD>
SQLAuthTypes                              PBKDF2
SQLPasswordPBKDF2                  SHA256 10000 24
SQLPasswordEncoding               base64
SQLAuthenticate                           users

## For PBKDF2 authentication
SQLPasswordUserSalt sql:/GetUserSalt

## Define a custom query for lookup that returns a passwd-like entry for PBKFD2
##  UID and GID should match your Galaxy user.
SQLUserInfo                                   custom:/LookupGalaxyUser
SQLNamedQuery                         LookupGalaxyUser SELECT "email, (CASE 
WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 
38 for 69) ELSE password END) AS 
password2,400,400,'/share/PCEitAdmin/Galaxy/external_users/%U','/bin/bash' FROM 
galaxy_user WHERE email='%U'"

## Define custom query to fetch the password salt
SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) 
= 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM 
galaxy_user WHERE email='%U'"

Any advice would be great.

Thanks,

Joe Greer
Northwestern University


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Reply via email to