Ricardo,
I followed the advice you offered back-channel and backed off the galaxy changes to support pbkdf2. I can now authenticate via the latest stable release of ProFTPD.
Thanks!
Malcolm
On Thursday 20 June 2013 10:54:44 Perez, Ricardo wrote:
> I am sorry, i posted the wrong configuration file above. I am posting now the updated proftpd.conf , the differences is that some things are commented out and others are not.
>
> # This is a basic ProFTPD configuration file (rename it to
> # 'proftpd.conf' for actual use. It establishes a single server
> # and a single anonymous login. It assumes that you have a user/group
> # "nobody" and "ftp" for normal operation and anon.
>
> ServerName "Genomics01 ProFTPd"
> ServerType standalone
> DefaultServer on
> DeferWelcome off
> UseIPv6 on
> IdentLookups off
> MultilineRFC2228 on
> ShowSymlinks on
>
> ModulePath /usr/local/galaxy/downloads/proftpd-1.3.5rc3/modules/
>
> LoadModule mod_sql.c
> LoadModule mod_sql_postgres.c
> LoadModule mod_sql_passwd.c
>
> <IfModule mod_sql.c>
> SQLBackend postgres
> SQLEngine on
> SQLAuthenticate users
> SQLAuthTypes SHA1 SHA256 pbkdf2
> SQLPasswordPBKDF2 SHA256 1000 24
> #SQLPasswordSaltFile /path/to/file
> SQLConnectInfo galaxydb@localhost:5432 ftpuser mypassword
> SQLUserInfo custom:/LookupGalaxyUser
> #SQLNamedQuery LookupGalaxyUser SELECT "email,password,'galaxy','galaxy','/usr/local/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
>
> SQLPasswordUserSalt sql:/GetUserSalt
>
>
> SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBDKF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,'galaxy','galaxy','/usr/local/galaxy/galaxy-dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
>
> SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBDKF2' THEN SUBSTRING (password from 21 for 36) END) AS salt FROM galaxy_user WHERE email='%U'"
>
>
> </IfModule>
>
> SQLDefaultGID 1002
> SQLDefaultUID 1002
>
> TimeoutNoTransfer 600
> TimeoutStalled 600
> TimeoutIdle 1200
>
> DisplayLogin welcome.msg
> DisplayChdir .message true
> ListOptions "-l"
>
> DenyFilter \*.*/
>
> # Use this to jail all users in their homes
> DefaultRoot ~
> CreateHome on dirmode 700
> AllowOverwrite on
> AllowStoreRestart on
> SQLPasswordEngine on
> SQLPasswordEncoding hex
> PassivePorts 30000 40000
>
>
>
> # Port 21 is the standard FTP port.
> Port 21
>
> # Don't use IPv6 support by default.
> # Umask 022 is a good standard umask to prevent new dirs and files
> # from being group and world writable.
> Umask 077
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30. If you need to allow more than 30 concurrent connections
> # at once, simply increase this value. Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd).
> MaxInstances 30
>
> # Set the user and group under which the server will run.
> User galaxy
> Group galaxy
>
> # To cause every FTP user to be "jailed" (chrooted) into their home
> # directory, uncomment this line.
> #DefaultRoot ~
>
> # Normally, we want files to be overwriteable.
> AllowOverwrite on
>
> AuthOrder mod_sql.c
>
>
> # Bar use of SITE CHMOD by default
> #<Limit SITE_CHMOD>
> # DenyAll
> #</Limit>
> Include /etc/proftpd/conf.d/
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> http://lists.bx.psu.edu/
>
> To search Galaxy mailing lists use the unified search at:
> http://galaxyproject.org/search/mailinglists/
>
--
Malcolm Tobias
314.362.1594