add user name and password?
oz123 opened this issue · 4 comments
Some (bad) clients can't work with FTP without user:pass combination.
But sometimes we must use them. Is there a change that this can be added to uftpd?
Any user:pass combo is allowed, e.g. anonymous:a@b, but there is no per-user specific authentication. I have no personal interest in adding this to uftpd, since the major reason for its existence is to serve FTP read-only on a LAN.
However, if someone has a good idea and is willing to implement/debug/test it thoroughly I will consider the PR.
Maybe q as hione can add simple pam support (with compile option)?
It's very tricky to get right, even if you use libpam, and opens up for a lot of potential security bugs. Having a compile time option (configure) to disable/enable is only one strong requirement from my side.
I'd prefer not to do it at all and instead recommend folks to use vsftpd for such use-cases, but like I said, if someone has a good PR I'll consider it.
It's been a terrible long time, but I am feeling more comfortable with C. So I might give it a shot soon.
If someone feels like tackling this, here is where I would start:
Line 262 in 011d652
One could implement httaccess file for access, it's a well known format and IMHO easier to use than libpam.
90% of the code for this can be taken from apache2 own code for managing the file. Specifically, look at how the flag -v works:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/support/htpasswd.c?view=markup