NcFTPd : Frequently Asked Questions : User Authentication


What are Virtual Users and why should I use them?

Virtual Users are users that aren't a real user in the /etc/passwd file, but instead only exist for FTP to NcFTPd.  Virtual Users are much more secure simply because that means no one can telnet in as that user, send/receive mail as that user, etc.  They give you the capability to designate a portion of your filesystem as accessible by FTP but without the hassle or worry of letting them have a real account on the server.  By default, these users only have access to the directory and it's contents that you specify (i.e. they're restricted from accessing other directories outside their own, such as /etc or /usr.)

Another benefit by using Virtual Users is that it requires you use a NcFTPd Password Database, which are much more efficient than old-fashioned use of the /etc/passwd file which is just a plain-text list of users.

Does NcFTPd support LDAP?

No, not yet!  More customers are asking for this, so it is likely it will be supported.  Until then, you can use NcFTPd’s Authentication API  

How can I use my MySQL/mSQL/Oracle/etc database to authenticate users?

NcFTPd does not (and most likely will not ever) have direct support for these databases, but you can do this by using NcFTPd’s Authentication API  

So if NcFTPd doesn't do MySQL/mSQL/Oracle/etc, then what is this NcFTPd Password Database you're talking about?

These are database files which are created and maintained by the ncftpd_passwd utility program that comes with the NcFTPd package.  These databases are much faster than scanning the /etc/passwd file and are suited thousands of users.  The database files are also used to store individual quota and bandwidth information, so if you want those features you have to use a password database.

Does NcFTPd support Pluggable Authentication Modules (PAM)?

No, but perhaps for a future release.  If you require PAM, you can still use PAM now by taking advantage of NcFTPd’s Authentication API.  This would require to you to write a program which would do the authentication however you like, and communicate this information back to NcFTPd.

How does NcFTPd's custom authentication work?

NcFTPd can communicate with a separate process, the guts of which you write, to do user authentication.  Basically, NcFTPd sends a message to this process, and this process does the validation.  If the user is authenticated, the process returns information such as the user's home directory, access privileges, etc.

This isn't as hard as it sounds.  The Authentication API comes with C source code for a sample implementation; all you have to do is write the code that does the authentication.

How can I have NcFTPd use only a password database for authentication?  I don’t want users in /etc/passwd to be able to FTP in.

Remove “/etc/passwd” from the list of files to check in the passwd line in the for the domain in question.  For example, if you had “passwd=/etc/passwd,/etc/ftppasswd.db”, simply change this to “passwd=/etc/ftppasswd.db”.

Can I tell NcFTPd to authenticate users from both the system password file and a NcFTPd password database?

Yes.  The passwd line in the is comma-delimited, with each token being one password file to check.  NcFTPd will check the files in the order you list them, so if you have “passwd=/etc/passwd,/etc/ftppasswd.db”, then a user in /etc/passwd would take precedence over a user by the same name in /etc/ftppasswd.db.

Can I tell NcFTPd to authenticate users from a text file in the same format as /etc/passwd?

No.  With the exception of /etc/passwd in the passwd line in the, all other items must be password databases (which are not text files).  What actually happens is that NcFTPd special-cases the item named /etc/passwd; if this item is in the list, NcFTPd uses standard library functions like getpwnam().  NcFTPd doesn’t open up the file and read from it directly.

Is NcFTPd limited to usernames of 8 characters or less?

For real users in the system password file, NcFTPd has the same limit as your operating system.  This is usually 8 characters.

For virtual users (NcFTPd password database users),the username can be up to 63 characters long.


 NcFTPd Home