Hi All, We're having problems setting up ftp and authenticating against the postgres database. We've reviewed these pages and a few others: Galaxy Page: https://wiki.galaxyproject.org/Admin/Config/UploadviaFTP Peter Briggs Blog Post: http://galacticengineer.blogspot.co.uk/2015/02/ftp-upload-to-galaxy-using-pr... Ricardo Perez's Galaxy Developers thread that Peter referenced: http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295.... When we run proftpd in debug mode we get similar output to the one in Ricardo's thread: Ricardo's command line output: login002 proftpd[987] login002 (10.28.56.101[10.28.56.101]): mod_sql_passwd/0.4: expected 'PBKDF2$sha256$10000$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh', got 'cc0ef515d684386aaa500bf6499d9f512dfb332c' Our output: 2016-04-20 10:53:42,597 pcegalaxy proftpd[18649] pcegalaxy.ci.northwestern.edu (lagunitas.kelleher.northwestern.edu[129.105.112.217]): mod_sql_passwd/0.7: expected 'NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu', got 'g3L81voHwAEh8y0B9qBImZycWgS0w4Z4'
From looking at the galaxy_user table, it seems like proftpd is finding the correct password information (password in table: PBKDF2$sha256$10000$kgyVpO6N2rWAbeX6$NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu).
The last post from that thread mentions back-channel advice that was helpful. Maybe we need the same advice ? In case it's important we're using LDAP for our general user authentication. Here is our proftpd.conf: ServerName "Galaxy FTP File Upload" ServerType standalone DefaultServer on PidFile /opt/apps/proftpd/1.3.5/var/proftpd.pid # Port 21 is the standard FTP port. Port 21 # Don't use IPv6 support by default. UseIPv6 off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 077 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). MaxInstances 30 # Set the user and group under which the server will run. User nobody Group nobody # To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. DefaultRoot ~ # Automatically create home directory if it doesn't exist CreateHome on dirmode 700 # Allow users to overwrite their files AllowOverwrite on # Allow users to resume interrupted uploads AllowStoreRestart on # Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit> # Bar use of RETR (download) since this is not a public file drop <Limit RETR> DenyAll </Limit> # Do not authenticate against real (system) users AuthPAM off ## Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1 SQLPasswordEngine on ## Set this if Galaxy user UID and/or GID are less than 999 SQLMinID 400 ## Configuration that handles PBKDF2 encryption ## Set up mod_sql to authenticate against the Galaxy database SQLEngine on SQLBackend postgres SQLConnectInfo galaxy_db@localhost:5432 <USERNAME> <PASSWORD> SQLAuthTypes PBKDF2 SQLPasswordPBKDF2 SHA256 10000 24 SQLPasswordEncoding base64 SQLAuthenticate users ## For PBKDF2 authentication SQLPasswordUserSalt sql:/GetUserSalt ## Define a custom query for lookup that returns a passwd-like entry for PBKFD2 ## UID and GID should match your Galaxy user. SQLUserInfo custom:/LookupGalaxyUser SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/share/PCEitAdmin/Galaxy/external_users/%U','/bin/bash' FROM galaxy_user WHERE email='%U'" ## Define custom query to fetch the password salt SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'" Any advice would be great. Thanks, Joe Greer Northwestern University