Timo Weingärtner has graciously offered to take over the maintenance of pam_pwdfile. Its development will henceforth be hosted at https://github.com/tiwe-de/libpam-pwdfile.
Old page contents follows
PAM, or pluggable authentication modules, is a very effective method by which applications can abstract the way that they authenticate and authorize users. Using PAM for example, a whole system can be switched from normal /etc/passwd to shadow passwords without recompiling a single binary, as was the case with older *ix systems. Linux being my OS of choice, I have had most contact with Linux-PAM, as maintained by Andrew Morgan. Please see the Linux PAM pages at http://www.us.kernel.org/pub/linux/libs/pam/.
We required a Linux PAM module for authenticating using arbitrary password files containing username:crypted_password pairs, and this was not yet available for Linux PAM. As is the way with nicely open operating systems, I was able to put one together quickly, and you can get the source here. Since then, patches for extending functionality have also been contributed and integrated with pam_pwdfile. You can use this module to have different sets of passwords for each of the PAM-based services on your systems.
This module is available as part of Debian, where it is known as libpam-pwdfile. It also exists in the FreeBSD ports collection.
Warwick Duncan has written a very useful utility (command-line and CGI) to manage password files that can be used by pam_pwdfile. You can read all about chpwdfile and download it from the chpwdfile homepage! (Hmmm, it seems that the chpwdfile site has dropped off the edge of the internet. I’ve mirrored the source tarball of chpwdfile here. Remember that you can also use the apache htpasswd utility to manage your password files from the command line.)
Pingback: How to Set up vsftpd Virtual Users-ARM-Target-Board
Is there a newer version of pam_pwdfile that works with newer versions of the pam source? I tried compiling with Linux-PAM-1.1.0 and it would appear some slight changed have been made in the structure of the source directory that are not compatible with the pam_pwdfile-0.99 source.
I have not tested it with that version of Linux PAM yet. Have you checked any distributions that use Linux-PAM-1.1.0 and pam_pwdfile?
Same problem here – Centos 5.2 doesn’t provide an RPM for pam_pwdfile and it won’t build:
make
Makefile:8: ../../Make.Rules: No such file or directory
make: *** No rule to make target `../../Make.Rules’. Stop.
I’ll take a look at this as soon as I can.
Forgot to ask: What version of PAM is Centos 5.2 using?
try the following:
copy pam_pwdfile-0.99/contrib/Makefile.standalone
into the top level and run
make -f Makefile.standalone
copy pam_pwdfile.so to /lib64/security , in my case
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=21232
Great Eric, thank you very much for that tip!
I’d forgotten about that standalone Makefile. It should also solve Tory and Mike’s problems.
Thanks – that sort of helps me though I now get:
vsftpd: PAM adding faulty module: /lib64/security/pam_pwdfile.so
I tried that, but I get the following instead of that Make.Rules error:
make: *** No rule to make target `pam_pwdfile.c', needed by `pam_pwdfile.o'. Stop.Help?
Hi! I can’t find pam_pwdb, it seems that pwdb no longer exists?
If anyone is looking for pam_pwdfile.so for Centos 5.2, you can successfully build it from PAM 0.77 source and pam_pwdfile-0.99 as outlined at http://www.productionmonkeys.net/guides/ftp-server/vsftpd
P.S. For the x86_64 version I found I had to do an additional fix to get it to build :
edit configure.in and add -fPIC to the OS_CFLAGS so that it reads
case $OS in
linux) OS_CFLAGS=”-ansi …. -pedantic -fPIC”
Hi there,
you might be interested in htpasswd_editor (http://benjamin-schweizer.de/htpasswd_editor.html) which is a python/newt/ncurses interface to edit .htpasswd files (as used by pam_pwdfile).
Greetings
Pingback: CentOS 5.5 vsftpd virtual users with pam_passwdfile, 530 login incorrect
Pingback: Virtual Hosting FTP, FTPS and SFTP Drija
Pingback: Virtual Hosting FTP, FTPS and SFTP - Admins Goodies
I should note that htpasswd (from the Debian Squeeze package “apache2-utils”, Apache version 2.2) uses its very own “Apache MD5″ when told to use MD5 hashing. Among other things, this results in the “$apr1$” prefix rather than “$1″, which pam_pwdfile expects (judging from its source code at trunk). Manifestations of this problem are, for instance, [1] and [2].
TL;TR: it seems there’s no way to use current htpasswd to generate files with MD5 hashes suitable for pam_pwdfile to consume. chpwdfile worked just fine.
1. http://mail-archives.apache.org/mod_mbox/httpd-users/200801.mbox/%3C0FBAE769-5163-4126-8991-D1252F6A7A73@mac.com%3E
2. http://www.php.net/manual/en/function.crypt.php#73619
Thanks for the your comment on this issue.
Patches to the pam_pwdfile README (or even code) are of course more than welcome if you feel so inclined. :)
Is this project abandoned?
It’s in maintenance mode. The module does what it should do, no more no less.
I am open to patches, forks and ambitious new maintainers of course. :)
Pingback: Setup Virtual Users and Directories in VSFTPD | Tech Help!