1.安装 pam_mysql-0.7RC1.tar.gz
[root@node1 tmp]# tar xf pam_mysql-0.7RC1.tar.gz
[root@node1 tmp]# cd pam_mysql-0.7RC1
[root@node1 pam_mysql-0.7RC1]# ./configure --with-openssl
[root@node1 pam_mysql-0.7RC1]# make && make install    # 如果编译报错,先安装 mysql-devel 再重新执行
[root@node1 pam_mysql-0.7RC1]# ls /usr/lib/security/
classpath.security pam_mysql.la pam_mysql.so
[root@node1 ~]# ln -s /usr/lib/security/pam_mysql.so /lib/security/pam_mysql.so
2.创建一个必要的本地用户
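虽说是虚拟用户,不过,由于虚拟用户的信息存储在 MySQL 数据库中,所以还是需要一个能够
读取 MySQL 数据库的本地用户。注意:这里创建的系统用户 virtual 就是后面 guest_username
指定的、所有虚拟用户登录后映射到的账号;第 4 步在 MySQL 中授权的 virtual@localhost 是
MySQL 自己的账号,两者只是同名。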
[root@node1 ~]# useradd -s /sbin/nologin virtual
[root@node1 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.02 sec)
mysql> USE vsftpd;
Database changed
3.创建用于存储虚拟用户信息的表 users
mysql> CREATE TABLE users (username varchar(20) NOT NULL,password varchar(40) NOT
NULL,PRIMARY KEY (username)) TYPE=MyISAM;
Query OK, 0 rows affected, 1 warning (0.01 sec)
4.让本地用户 virtual 能读取 vsftpd 数据库的 users 表的内容(只授予 SELECT 权限即可;口令 '123456' 仅为示例,实际部署请换成强口令,并与第 6 步 PAM 配置中的 passwd= 保持一致)
mysql> grant select on vsftpd.users to virtual@localhost identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
5.建立虚拟用户(这里密码以明文写入 users 表,对应第 6 步 PAM 配置中的 crypt=0,仅适合演示)
mysql> insert into users values ('vu1','123');
Query OK, 1 row affected (0.00 sec)
mysql> insert into users values ('vu2','123');
Query OK, 1 row affected (0.00 sec)
mysql> insert into users values ('vu3','123');
Query OK, 1 row affected (0.00 sec)
mysql> quit
Bye
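6.配置 vsftpd 的 PAM 验证
说明:crypt=0 表示 users 表中的密码按明文比对,仅适合演示;pam_mysql 的 crypt 参数还支持
1(crypt(3))等加密方式,生产环境应改用加密方式并在表中存入相应的密文。该文件含有数据库口令,
建议将其权限设为仅 root 可读。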
[root@node1 ~]# vim /etc/pam.d/vsftpd_mysql
auth required pam_mysql.so user=virtual passwd=123456 host=localhost db=vsftpd table=users usercolumn=username passwdcolumn=password crypt=0
account required pam_mysql.so user=virtual passwd=123456 host=localhost db=vsftpd table=users usercolumn=username passwdcolumn=password crypt=0
7.修改 /etc/vsftpd/vsftpd.conf,加入以下几行
pam_service_name=vsftpd_mysql
guest_enable=YES
guest_username=virtual
virtual_use_local_privs=YES
#guest_enable=YES
# 开启虚拟用户功能
#guest_username=virtual
# 指定虚拟用户使用的系统用户
#pam_service_name=vsftpd # 必须与 /etc/pam.d/ 下的 PAM 验证配置文件名相同(本例为 vsftpd_mysql)
#为虚拟用户设置不同权限
#virtual_use_local_privs
#设置为 YES 时,虚拟用户使用与本地用户相同的权限(本例的设置)
#设置为 NO 时,虚拟用户使用与匿名用户相同的权限(vsftpd 的默认值,通常限制更严格,尤其是写权限)
Zhao YongGang