|
|
|
|
|
|
|
about me about server user land webmail |
|
|
|
twice DIGITAL |
|
|
|
lpfountz |
|
|
|
Netgate Q&A 5354AP1 Aries2 |
The DigitalPimp
Ben Pfountz
|
Setting Up proftpd
|
FreeBSD 4.9-PRERELEASE The Digitalpimp Collection Ben Pfountz March 31, 2004 |
NOTE: install mysql server and client before this.
NOTE: if building with mysql 5.0.0 alpha, you will need to modify modules/mod_sql_mysql.c:
change this line:
#if MYSQL_VERSION_ID >= 40100
to this line:
#if MYSQL_VERSION_ID >= 40100 && MYSQL_VERSION_ID < 50000
NOTE: for both mod_mysql and mod_tls, you must modify the port's Makefile slightly:
add this section below the WITH_MYSQL section...
.if defined(WITH_TLS)
MODULES:=${MODULES}:mod_tls
INCLUDEDIRS:=${INCLUDEDIRS}:/usr/include/openssl
LIBDIRS:=${LIBDIRS}:/usr/local/openssl
.endif
Install proftpd from port:
cd /usr/ports/ftp/proftpd
make WITH_MYSQL=YES WITH_TLS=YES install
make clean
Configure proftpd:
move /usr/local/etc/rc.d/proftpd.sh.sample to backup directory
backup and restore /usr/local/etc/proftpd.conf
this section will allow ftps:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/ftp_tls.log
TLSProtocol TLSv1
TLSRequired on
TLSOptions NoCertRequest
# Server's certificate
TLSRSACertificateFile /usr/local/etc/apache/ssl.crt/server.crt
TLSRSACertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
# CA the server trusts
#TLSCACertificateFile /usr/local/etc/apache/ssl.csr/server.csr
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
Configure inetd startup:
add line to /etc/inetd.conf (dont forget to killall -HUP inetd)
| ftp | stream | tcp | nowait | root | /usr/local/libexec/proftpd proftpd -n |
Configure pam.conf:
may need to add lines to /etc/pam.conf, but try authentication first:
| ftpd | auth | required | pam_unix.so | try_first_pass |
| ftpd | account | required | pam_unix.so | try_first_pass |
| ftpd | session | required | pam_permit.so | |