Shulou(Shulou.com)06/01 Report--

ftp virtual account ftp profile: ftp uses plaintext data transmission mode, if you log in to ftp server using a local account, if the user's username and password are captured by others, others can log in to ftp server using this account, and if there is an unsafe situation, you can use a virtual account, and map the virtual account to a local account on ftp server. In this way, even if the account is intercepted on the network, it is only an account that does not exist on the system and cannot log in to the system. 1. Experimental steps: 1. Create a new mount point and mount the CD. [root@localhost ~]# mkdir /mnt/cdrom [root@localhost ~]# mount /dev/cdrom /mnt/cdrom [root@localhost ~]# cd /mnt/cdrom/Server 2. Install vsftpd [root@localhost Server]# rpm -ivh vsftpd-2.0.5-16.el5.i386.rpm 3. Generate text files for storing virtual accounts and passwords. [root@localhost Server]#vim/etc/vsftpd/vuser.txt Test1 //Virtual account test1 123 //Virtual account test1 password Test2//Virtual account test2 123 //Virtual account test2 password 4. Install db_load tool to change the account and password files into database files. This tool is located in the software package db4_util [root@localhost Server]# rpm -ivh db4-utils-4.3.29-10.el5.i386.rpm 5. Use db-load -help to get help. Turn virtual account files into database files. [root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db 6. When a user logs in to the ftp server, account authentication is performed under/etc/passwd by default. There is a statement in/etc/vsftpd/vsftpd.conf: pam_service_name=vsftpd, indicating that pam can be used for authentication. The authentication file is called vsftpd. This file is an interface file that tells pam which modules to invoke for validation and the parameters of the modules. Open the interface file vsftpd root@localhost vsftpd]# vim /etc/pam.d/vsftpd This file requires the module/lib/security/pam_userdb.so to view the module manual:

[root@localhost txts]# man /usr/share/doc/pam-0.99.6.2/txts/README.pam_userdb You can see that the pam_userdb module is used to verify user names and passwords stored in the database. 7. Edit Vim /etc/pam.d/vsftpd file again auth required pam_userdb.so db=/etc/vsftpd/vuser account required pam_userdb.so db=/etc/vsftpd/vuser

After the virtual account is successfully verified, you need to map the virtual account and the local account 8. user1 [root@localhost home]# useradd user1 [root@localhost home]# passwd user1 9. Check the vsftpd.conf manual for the guest keyword, guest_enable : All non-anonymous users log in as guest users, and guest users are mapped to usernames defined by guest_username.

10. Add the following statement to/etc/vsftpd/vsftpd.conf: guest_enable=YES guest_username=user1

11. Restart ftp service [root@localhost txts]# service vsftpd restart 12. Add r permissions to user1's home directory [root@localhost home]# ll -d user1/ drwx---- 3 user1 user1 4096 09-16 16:58 user1/ [root @ localhost home]# chmod a+r user1/ [root@localhost home]# ll drwxr-xr-x 3 user1 user1 1024 12-19 15:29 user1 12 Test whether virtual accounts test1 and test2 can log in successfully:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.