Hi All, We're having problems setting up ftp and authenticating against the postgres database.
We've reviewed these pages and a few others: Galaxy Page: https://wiki.galaxyproject.org/Admin/Config/UploadviaFTP Peter Briggs Blog Post: http://galacticengineer.blogspot.co.uk/2015/02/ftp-upload-to-galaxy-using-proftpd-and.html Ricardo Perez's Galaxy Developers thread that Peter referenced: http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295.html When we run proftpd in debug mode we get similar output to the one in Ricardo's thread: Ricardo's command line output: login002 proftpd[987] login002 (10.28.56.101[10.28.56.101]): mod_sql_passwd/0.4: expected 'PBKDF2$sha256$10000$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh', got 'cc0ef515d684386aaa500bf6499d9f512dfb332c' Our output: 2016-04-20 10:53:42,597 pcegalaxy proftpd[18649] pcegalaxy.ci.northwestern.edu (lagunitas.kelleher.northwestern.edu[129.105.112.217]): mod_sql_passwd/0.7: expected 'NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu', got 'g3L81voHwAEh8y0B9qBImZycWgS0w4Z4' >From looking at the galaxy_user table, it seems like proftpd is finding the >correct password information (password in table: >PBKDF2$sha256$10000$kgyVpO6N2rWAbeX6$NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu). The last post from that thread mentions back-channel advice that was helpful. Maybe we need the same advice ? In case it's important we're using LDAP for our general user authentication. Here is our proftpd.conf: ServerName "Galaxy FTP File Upload" ServerType standalone DefaultServer on PidFile /opt/apps/proftpd/1.3.5/var/proftpd.pid # Port 21 is the standard FTP port. Port 21 # Don't use IPv6 support by default. UseIPv6 off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 077 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). MaxInstances 30 # Set the user and group under which the server will run. User nobody Group nobody # To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. DefaultRoot ~ # Automatically create home directory if it doesn't exist CreateHome on dirmode 700 # Allow users to overwrite their files AllowOverwrite on # Allow users to resume interrupted uploads AllowStoreRestart on # Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit> # Bar use of RETR (download) since this is not a public file drop <Limit RETR> DenyAll </Limit> # Do not authenticate against real (system) users AuthPAM off ## Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1 SQLPasswordEngine on ## Set this if Galaxy user UID and/or GID are less than 999 SQLMinID 400 ## Configuration that handles PBKDF2 encryption ## Set up mod_sql to authenticate against the Galaxy database SQLEngine on SQLBackend postgres SQLConnectInfo galaxy_db@localhost:5432 <USERNAME> <PASSWORD> SQLAuthTypes PBKDF2 SQLPasswordPBKDF2 SHA256 10000 24 SQLPasswordEncoding base64 SQLAuthenticate users ## For PBKDF2 authentication SQLPasswordUserSalt sql:/GetUserSalt ## Define a custom query for lookup that returns a passwd-like entry for PBKFD2 ## UID and GID should match your Galaxy user. SQLUserInfo custom:/LookupGalaxyUser SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/share/PCEitAdmin/Galaxy/external_users/%U','/bin/bash' FROM galaxy_user WHERE email='%U'" ## Define custom query to fetch the password salt SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'" Any advice would be great. Thanks, Joe Greer Northwestern University
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
