I am working with a pure-ftpd server implementation that is setup to pull authentication information from a MySQL database. It looks like the way this implementation was originally setup was to use MD5 authentication, and it seems to work well with that. However, MD5 needs to go.
So instead of using MD5 I am hoping to find a way to make the authentication compatible with PHP's built in password_hash($password, PASSWORD_BCRYPT) functionality. The FTP users' passwords are already being hashed and stored in a database using password_hash(), and it would be great if we could authenticate the login info through pure-ftpd using the hashes that are pulled from the database.
I have read through the pure-ftpd documentation here: https://download.pureftpd.org/pub/pure-ftpd/doc/README.MySQL But I am still not understanding how I can make this work.
Have any of you worked with this before? If so, do you have any advice on how to set it up like this?
Thanks in advance for your help!
After trying multiple ways to make this work, it appears that pure-ftpd does not support this by default. So how we ended up making it work for us was through the "AUTHENTICATION MODULES" abilities in pure-ftpd (https://download.pureftpd.org/pub/pure-ftpd/doc/README.Authentication-Modules).
We're having pure-ftpd send the provided login name & password to a PHP file, which we use to authenticate the login information. We then send back a response to pure-ftpd in a format like this (if successful):
auth_ok:1 uid:xx gid:yy dir:/home/zz/./ end
If it is NOT successful we send: auth_ok:0 (or -1, depending on the reason it failed) end