Hi All,

We’re having problems setting up ftp and authenticating against the postgres database.

We’ve reviewed these pages and a few others:

Galaxy Page:
https://wiki.galaxyproject.org/Admin/Config/UploadviaFTP

Peter Briggs Blog Post:
http://galacticengineer.blogspot.co.uk/2015/02/ftp-upload-to-galaxy-using-proftpd-and.html

Ricardo Perez’s Galaxy Developers thread that Peter referenced:
http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295.html

When we run proftpd in debug mode we get similar output to the one in Ricardo’s thread:

Ricardo’s command line output:

login002 proftpd[987] login002 (10.28.56.101[10.28.56.101]): mod_sql_passwd/0.4: expected 'PBKDF2$sha256$10000$8h/4HmD1Eu6NTc7F$Slb1H5a9YJvR6A3cUnZCUfh7tOWKfRuh', got 'cc0ef515d684386aaa500bf6499d9f512dfb332c'

Our output:

2016-04-20 10:53:42,597 pcegalaxy proftpd[18649] pcegalaxy.ci.northwestern.edu (lagunitas.kelleher.northwestern.edu[129.105.112.217]): mod_sql_passwd/0.7: expected 'NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu', got 'g3L81voHwAEh8y0B9qBImZycWgS0w4Z4'

From looking at the galaxy_user table, it seems like proftpd is finding the correct password information (password in table: PBKDF2$sha256$10000$kgyVpO6N2rWAbeX6$NMmACzgvs8Oh+BCnSw+2GFxpYl7cLiQu).

The last post from that thread mentions back-channel advice that was helpful. Maybe we need the same advice?

In case it’s important, we’re using LDAP for our general user authentication.

Here is our proftpd.conf:

ServerName                      "Galaxy FTP File Upload"
ServerType                      standalone
DefaultServer                   on
PidFile                         /opt/apps/proftpd/1.3.5/var/proftpd.pid

# Port 21 is the standard FTP port.
Port                            21

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           077

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            nobody
Group                           nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Automatically create home directory if it doesn't exist
CreateHome                      on dirmode 700

# Allow users to overwrite their files
AllowOverwrite                  on

# Allow users to resume interrupted uploads
AllowStoreRestart               on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
  DenyAll
</Limit>

# Do not authenticate against real (system) users
AuthPAM                         off

## Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLPasswordEngine               on

## Set this if Galaxy user UID and/or GID are less than 999
SQLMinID                        400

## Configuration that handles PBKDF2 encryption
## Set up mod_sql to authenticate against the Galaxy database
SQLEngine                       on
SQLBackend                      postgres
SQLConnectInfo                  galaxy_db@localhost:5432 <USERNAME> <PASSWORD>
SQLAuthTypes                    PBKDF2
SQLPasswordPBKDF2               SHA256 10000 24
SQLPasswordEncoding             base64
SQLAuthenticate                 users

## For PBKDF2 authentication
SQLPasswordUserSalt sql:/GetUserSalt

## Define a custom query for lookup that returns a passwd-like entry for PBKDF2
##  UID and GID should match your Galaxy user.
SQLUserInfo                     custom:/LookupGalaxyUser
SQLNamedQuery                   LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/share/PCEitAdmin/Galaxy/external_users/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

## Define custom query to fetch the password salt
SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"

Any advice would be great.

Thanks,

Joe Greer

Northwestern University
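
The following is an added example, not part of the original post and not Galaxy or ProFTPD code. It splits a stored value of the form shown above, mirrors the two `substring(... from N for M)` offsets used in the named queries, and recomputes PBKDF2 for a known test password under two salt interpretations (literal text versus base64-decoded) to see which one reproduces the stored digest. All function names are hypothetical, and the sample record is constructed on the assumption that the salt is used as literal text.

```python
import base64
import hashlib
import hmac


def split_stored(stored):
    """Split 'PBKDF2$<hash>$<iterations>$<salt>$<digest>' into its fields."""
    tag, algo, iters, salt, digest = stored.split("$")
    if tag != "PBKDF2":
        raise ValueError("not a PBKDF2 record")
    return algo, int(iters), salt, digest


def sql_substring(value, start, length):
    """Mimic PostgreSQL substring(value from start for length); start is 1-based."""
    return value[start - 1:start - 1 + length]


def derive(password, salt_bytes, algo, iters, digest_b64):
    """Recompute PBKDF2 and base64-encode it, using the stored digest's length."""
    dklen = len(base64.b64decode(digest_b64))
    raw = hashlib.pbkdf2_hmac(algo, password.encode(), salt_bytes, iters, dklen)
    return base64.b64encode(raw).decode()


def diagnose(stored, password):
    """Name the salt interpretation that reproduces the stored digest, or None."""
    algo, iters, salt, digest = split_stored(stored)
    candidates = {
        "salt-as-literal-text": salt.encode(),
        "salt-base64-decoded": base64.b64decode(salt),
    }
    for name, salt_bytes in candidates.items():
        got = derive(password, salt_bytes, algo, iters, digest)
        if hmac.compare_digest(got, digest):
            return name
    return None


def make_stored(password, salt_text, algo="sha256", iters=10000, dklen=24):
    """Build a constructed record; salt used as literal text (assumption)."""
    raw = hashlib.pbkdf2_hmac(algo, password.encode(), salt_text.encode(), iters, dklen)
    return "PBKDF2$%s$%d$%s$%s" % (algo, iters, salt_text, base64.b64encode(raw).decode())


# Constructed sample record and password, not real account data.
SAMPLE = make_stored("correct horse", "c2FtcGxlU2FsdDEy")

if __name__ == "__main__":
    print(SAMPLE)
    print("salt  :", sql_substring(SAMPLE, 21, 16))
    print("digest:", sql_substring(SAMPLE, 38, 69))
    print("match :", diagnose(SAMPLE, "correct horse"))
```

Run against a throwaway account whose password is known, the interpretation that matches the database value is the one the FTP server's salt handling has to reproduce.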