
Quite some years ago, I set up a vsftpd server with virtual users, according to some howtos (still) to be found on the internet, using pam_userdb.

Like this: A file called /etc/pam.d/vsftpd.virtual:

#%PAM-1.0
auth    required pam_userdb.so db=/etc/vsftpd/users crypt=crypt
account required pam_userdb.so db=/etc/vsftpd/users crypt=crypt
session required pam_loginuid.so

A setting inside /etc/vsftpd/vsftpd.conf:

pam_service_name=vsftpd.virtual

And a BerkeleyDB containing the user and password hashes (/etc/vsftpd/users.db).

According to the manpage of pam_userdb, this module only supports clear-text passwords or crypted ones, always in a BerkeleyDB.

Meanwhile, this approach seems both dated and impractical to me, as plain crypted passwords are insecure (not even speaking of the clear text variant), and the handling of a BerkeleyDB containing them makes using some wrapper necessary.

So: Is there some alternative PAM module that e.g. can handle a plain text file with users and bcrypted passwords? Or at least with passwords using some SHA hash? That can be updated using e.g. htpasswd (or mkpasswd)? Something like a Dovecot users file, or an htaccess file for use with e.g. Lighttpd?

Something like

some_user:$2y$05$ensqtXGZXUf5DQosKk51.utplrWUqkeZzNNI8.lCVT.K86uillL4a

? I suppose some other PAM module could be used by vsftpd in the same way? Thanks for all help!
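
As an added illustration (not part of the original question): a small Python audit of a htpasswd-style user:hash file like the line shown above, which identifies each entry's scheme from its crypt(3) prefix and flags plain crypt, cleartext and low bcrypt cost. The function names, the cost threshold and every sample entry except some_user are assumptions constructed for this example.

```python
import re

# Modular-crypt prefixes as written by crypt(3), htpasswd and mkpasswd.
BCRYPT = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
SHACRYPT = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]+$")
DES = re.compile(r"^[./A-Za-z0-9]{13}$")
MIN_BCRYPT_COST = 10  # assumed policy threshold, adjust to your hardware

# First line is the one from the question; the rest are constructed samples.
SAMPLE = "\n".join([
    "some_user:$2y$05$ensqtXGZXUf5DQosKk51.utplrWUqkeZzNNI8.lCVT.K86uillL4a",
    "alice:abJnggxhB/yWI",
    "carol:$6$saltsalt$" + "A" * 86,
    "dave:hunter2",
])

def classify(hash_field):
    """Return (scheme, verdict) for one password field."""
    m = BCRYPT.match(hash_field)
    if m:
        cost = int(m.group(1))
        verdict = "ok" if cost >= MIN_BCRYPT_COST else "weak: cost %d" % cost
        return "bcrypt", verdict
    m = SHACRYPT.match(hash_field)
    if m:
        return ("sha256-crypt" if m.group(1) == "5" else "sha512-crypt"), "ok"
    if hash_field.startswith(("$apr1$", "$1$")):
        return "md5-crypt", "weak: MD5-based"
    if DES.match(hash_field):  # a 13-character cleartext password also lands here
        return "des-crypt", "weak: traditional crypt"
    return "unknown", "weak: cleartext or unrecognised"

def audit(text):
    """Parse user:hash lines and return a list of (user, scheme, verdict)."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        hash_field = hash_field.split(":", 1)[0]  # ignore any extra fields
        results.append((user, *classify(hash_field)))
    return results

if __name__ == "__main__":
    for user, scheme, verdict in audit(SAMPLE):
        print("%-10s %-13s %s" % (user, scheme, verdict))
```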

0 Answers