Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-07-22 Thread Federico Zambelli
I noticed the errors in the SUBSTRING length too and I modified my 
configuration file accordingly, but I am still not able to authenticate :(


F.


___
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
   http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
   http://galaxyproject.org/search/mailinglists/








--

Federico Zambelli, Ph.D.
Bioinformatics, Evolution and Comparative Genomics Lab
Dept. of Biosciences
University of Milano - Italy

What can be asserted without proof can be dismissed without proof.


Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-07-22 Thread Rémy Dernat
Sorry, I didn't see the recent changes...


Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-07-22 Thread Rémy Dernat
Hi,

1/ Do you know who is your (FTP) galaxy user ? The proftpd daemon should
run with this user (be careful with permissions).
2/ Did you try a simpler way to authenticate to your postgresql server ?
I mean, you choose to add some parameter as "SQLPasswordPBKDF2" or
"SQLPasswordUserSalt".
You should know what kind of algorithm is used to encrypt password on your
postgres server and then use it...
Follow this tutorial :
http://wiki.galaxyproject.org/Admin/Config/Upload%20via%20FTP

If it works, then add 'salt' method if you wish, or other algorithm/method
to encrypt password...

Regards



Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-07-21 Thread TerryYeh@NARL
Dear All,

I am having a similar problem too. I followed the config setting
provided by Mr. Perez and modified some possible errors. I still cannot log in
to my FTP server. Following is my proftpd.conf. Please help me to figure out
the problem. Thanks a lot!!

 

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName  "ProFTPD Default Installation"
ServerType  standalone
DefaultServer   on

# Port 21 is the standard FTP port
Port    2121

# Don't use IPv6 support by default.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask   022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances    30

# Set the user and group under which the server will run.
User    username
Group   groupname

PassivePorts    4 40999

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

CreateHome  on dirmode 700

# Normally, we want files to be overwriteable.
AllowOverwrite  on

AllowStoreRestart   on

# Bar use of SITE CHMOD by default

  DenyAll


  DenyAll


  LoadModule mod_sql.c
  LoadModule mod_sql_passwd.c
  LoadModule mod_sql_postgres.c

SQLLogFile /pkg/biology/galaxy/proftpd/log/proftpd-sql-local

##

ServerLog /pkg/biology/galaxy/proftpd/var/proftpd-server.log
SystemLog /pkg/biology/galaxy/proftpd/var/proftpd-system.log

#AuthPAMConfig ftp
#AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not authenticate against real (system) users
AuthPAM off
#AuthOrder   mod_sql.c

# Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLPasswordEngine   on
SQLPasswordEncoding hex

# Set up mod_sql to authenticate against the Galaxy database
SQLEngine   on
SQLBackend  postgres
SQLConnectInfo  galaxy@localhost username password
SQLAuthTypes    SHA1 SHA256 pbkdf2
SQLPasswordPBKDF2   SHA256 1 24

SQLAuthenticate users

# An empty directory in case chroot fails
#SQLDefaultHomedir   /var/opt/local/proftpd

# Define a custom query for lookup that returns a passwd-like entry.  UID and GID should match your Galaxy user.

SQLUserInfo custom:/LookupGalaxyUser
SQLPasswordUserSalt sql:/GetUserSalt

#SQLNamedQuery   LookupGalaxyUser  SELECT "email,password,'12345','1234','/home/username/galaxyftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

SQLNamedQuery   LookupGalaxyUser  SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 32) ELSE password END) AS password,'12345','1234','/home/username/galaxyftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

SQLNamedQuery   GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"

 

 

 

I still get the message of authentication failed.

2013-07-22 11:07:29,590 mod_sql/4.3[8124]: checking password using SQLAuthType 'sha1'
2013-07-22 11:07:29,590 mod_sql/4.3[8124]: 'sha1' SQLAuthType handler reports failure
2013-07-22 11:07:29,590 mod_sql/4.3[8124]: checking password using SQLAuthType 'sha256'
2013-07-22 11:07:29,590 mod_sql/4.3[8124]: 'sha256' SQLAuthType handler reports failure
2013-07-22 11:07:29,590 mod_sql/4.3[8124]: checking password using SQLAuthType 'pbkdf2'
2013-07-22 11:07:29,619 mod_sql/4.3[8124]: 'pbkdf2' SQLAuthType handler reports failure

Any suggestion on my configuration file, Thanks.


Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-06-21 Thread Malcolm Tobias

Ricardo,

I followed the advice you offered back-channel and backed off the galaxy 
changes to support pbkdf2.  I can now authenticate via the latest stable 
release of ProFTPD.

Thanks!

Malcolm

On Thursday 20 June 2013 10:54:44 Perez, Ricardo wrote:
> I am sorry, I posted the wrong configuration file above.  I am now posting 
> the updated proftpd.conf; the difference is that some things are commented 
> out and others are not.
> 

-- 
Malcolm Tobias
314.362.1594


Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-06-20 Thread Perez, Ricardo
I am sorry, I posted the wrong configuration file above.  I am now posting the 
updated proftpd.conf; the difference is that some things are commented out 
and others are not.

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName  "Genomics01 ProFTPd"
ServerType  standalone
DefaultServer   on
DeferWelcome    off
UseIPv6 on
IdentLookups    off
MultilineRFC2228    on
ShowSymlinks    on

ModulePath  /usr/local/galaxy/downloads/proftpd-1.3.5rc3/modules/

LoadModule  mod_sql.c
LoadModule  mod_sql_postgres.c
LoadModule  mod_sql_passwd.c


SQLBackend  postgres
SQLEngine   on
SQLAuthenticate users
SQLAuthTypes    SHA1 SHA256 pbkdf2
SQLPasswordPBKDF2   SHA256 1000 24
#SQLPasswordSaltFile    /path/to/file
SQLConnectInfo  galaxydb@localhost:5432 ftpuser mypassword
SQLUserInfo custom:/LookupGalaxyUser
#SQLNamedQuery  LookupGalaxyUser SELECT "email,password,'galaxy','galaxy','/usr/local/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

SQLPasswordUserSalt sql:/GetUserSalt


SQLNamedQuery   LookupGalaxyUser  SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBDKF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,'galaxy','galaxy','/usr/local/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

SQLNamedQuery   GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBDKF2' THEN SUBSTRING (password from 21 for 36) END) AS salt FROM galaxy_user WHERE email='%U'"




SQLDefaultGID   1002
SQLDefaultUID   1002

TimeoutNoTransfer   600
TimeoutStalled  600
TimeoutIdle 1200

DisplayLogin    welcome.msg
DisplayChdir    .message true
ListOptions "-l"

DenyFilter  \*.*/

# Use this to jail all users in their homes
DefaultRoot ~
CreateHome  on dirmode 700
AllowOverwrite  on
AllowStoreRestart   on
SQLPasswordEngine   on
SQLPasswordEncoding hex
PassivePorts  3 4



# Port 21 is the standard FTP port.
Port    21

# Don't use IPv6 support by default.
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask   077

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances    30

# Set the user and group under which the server will run.
User    galaxy
Group   galaxy

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite  on

AuthOrder   mod_sql.c


# Bar use of SITE CHMOD by default
#
#  DenyAll
#
Include /etc/proftpd/conf.d/


Re: [galaxy-dev] ProFTPD integration with Galaxy

2013-06-20 Thread Perez, Ricardo
Hi Mr. Tobias,

We are having a similar problem.  It seems that when the galaxy code was 
updated, newly created/updated passwords are using a different encryption mode.  
This new mode, PBKDF2 SHA256, is NOT supported by proftpd 1.3.4d that you seem to 
be using. We had to compile proftpd from source since version 1.3.5rc3 does 
support this encryption. Now in the password 
PBKDF2$sha256$1$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh I was 
able to deduce the following by reading the code from GitHub "password.py".  
The encrypted password is actually Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh where the 
salt is 8h/4HmD1Eu6NTc7F using PBKDF2 SHA256 with an iteration value of 
1.  The most important part is that the salt is right there, from 
character 21 to 36. With the newly compiled proftpd, I have the following 
configuration at proftpd.conf:


# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName  "Genomics01 ProFTPd"
ServerType  standalone
DefaultServer   on
DeferWelcome    off
UseIPv6 on
IdentLookups    off
MultilineRFC2228    on
ShowSymlinks    on

ModulePath  /usr/local/galaxy/downloads/proftpd-1.3.5rc3/modules/

LoadModule  mod_sql.c
LoadModule  mod_sql_postgres.c
LoadModule  mod_sql_passwd.c


SQLBackend  postgres
SQLEngine   on
SQLAuthenticate users
SQLAuthTypes    SHA1 SHA256 pbkdf2
SQLPasswordPBKDF2   SHA256 1000 24
#SQLPasswordSaltFile    /path/to/file
SQLConnectInfo  galaxydb@localhost:5432 ftpuser mypassword
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery   LookupGalaxyUser SELECT "email,password,'galaxy','galaxy','/usr/local/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

SQLPasswordUserSalt sql:/GetUserSalt


SQLNamedQuery   LookupGalaxyUser  SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBDKF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,'galaxy','galaxy','/usr/local/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

SQLNamedQuery   GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBDKF2' THEN SUBSTRING (password from 21 for 36) END) AS salt FROM galaxy_user WHERE email='%U'"




SQLDefaultGID   1002
SQLDefaultUID   1002

TimeoutNoTransfer   600
TimeoutStalled  600
TimeoutIdle 1200

DisplayLogin    welcome.msg
DisplayChdir    .message true
ListOptions "-l"

DenyFilter  \*.*/

# Use this to jail all users in their homes
DefaultRoot ~
CreateHome  on dirmode 700
AllowOverwrite  on
AllowStoreRestart   on
SQLPasswordEngine   on
SQLPasswordEncoding hex
PassivePorts  3 4



# Port 21 is the standard FTP port.
Port    21

# Don't use IPv6 support by default.
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask   077

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances    30

# Set the user and group under which the server will run.
User    galaxy
Group   galaxy

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite  on

#AuthOrder   mod_sql.c


# Bar use of SITE CHMOD by default
#
#  DenyAll
#
Include /etc/proftpd/conf.d/



With the configuration above, I can still connect to users that have SHA1 
passwords, but I think I need a little more tweaking to get it to work with the 
new passwords.

Best,
--Ricardo Perez
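
The field layout described in the message above, as an added example (not code from this thread or from Galaxy's password.py): it splits the password string on `$`, computes the SUBSTRING positions each field actually occupies, and compares them with the fixed offsets 21/16 and 38/32 used in the queries posted in this thread. Assumptions: the stored hash is a base64-encoded 24-byte key and the salt text is fed to PBKDF2 as-is; the sample password and the 10000 iteration count are constructed.

```python
import base64
import hashlib
import hmac
import string

# Password string exactly as printed in the message above.
PAGE_HASH = "PBKDF2$sha256$1$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh"


def parse_hash(stored):
    """Split 'PBKDF2$<digest>$<iterations>$<salt>$<hash>' on its delimiter."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "PBKDF2" or not parts[2].isdigit():
        raise ValueError("not a PBKDF2 password string")
    return {"digest": parts[1], "iterations": parts[2],
            "salt": parts[3], "hash": parts[4]}


def substring_offsets(stored):
    """1-based (start, length) pairs a SQL SUBSTRING needs for salt and hash."""
    f = parse_hash(stored)
    prefix = "PBKDF2$" + f["digest"] + "$" + f["iterations"] + "$"
    salt_start = len(prefix) + 1
    hash_start = salt_start + len(f["salt"]) + 1  # skip the '$' after the salt
    return {"salt": (salt_start, len(f["salt"])),
            "hash": (hash_start, len(f["hash"]))}


def fixed_offset_fields(stored):
    """What SUBSTRING(.. from 21 for 16) and SUBSTRING(.. from 38 for 32) return."""
    return stored[20:36], stored[37:69]


def looks_hex(text):
    """True only if every character is a hexadecimal digit."""
    return all(c in string.hexdigits for c in text)


def make_hash(password, salt, iterations, digest="sha256", key_len=24):
    # Assumption: salt text is used as-is and the derived key is base64-encoded.
    key = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(),
                              iterations, key_len)
    return "PBKDF2$%s$%d$%s$%s" % (digest, iterations, salt,
                                   base64.b64encode(key).decode())


def verify(password, stored, key_len=24):
    """Recompute the key from the parsed fields and compare in constant time."""
    f = parse_hash(stored)
    key = hashlib.pbkdf2_hmac(f["digest"], password.encode(), f["salt"].encode(),
                              int(f["iterations"]), key_len)
    return hmac.compare_digest(base64.b64encode(key).decode(), f["hash"])


if __name__ == "__main__":
    # Constructed sample: same salt text, made-up password, 5-digit iteration count.
    sample = make_hash("correct horse", "8h/4HmD1Eu6NTc7F", 10000)
    for label, value in (("as printed", PAGE_HASH), ("constructed", sample)):
        print(label, substring_offsets(value), fixed_offset_fields(value))
    print("hash field is hex:", looks_hex(parse_hash(PAGE_HASH)["hash"]))
    print("verify:", verify("correct horse", sample))
```

The fixed positions line up only when the iteration field is five digits wide, so a query that splits on the delimiter (PostgreSQL's `split_part(password, '$', 4)` for the salt) stays correct when the iteration count changes. The hash field is also not hexadecimal, which matters for the `SQLPasswordEncoding hex` setting in the posted configurations.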