Vsftpd FTP Server With Virtual Users ( Berkeley DB + PAM )

Posted on in Categories CentOS, FTP Server, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security last updated February 18, 2011

VSFTPD supports virtual users with PAM (pluggable authentication modules). A virtual user is a user login which does not exist as a real login on the system in /etc/passwd and /etc/shadow file. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server but cannot login to system to use other services such as ssh or smtp.

HowTo: Authenticate Linux Clients with Microsoft Active Directory

Posted on in Categories Linux, Linux desktop, RedHat/Fedora Linux, Sys admin, Tips, Troubleshooting, Windows, Windows server last updated November 18, 2008

Every IT shop has a mix of Windows and Linux system. Sometime you need to authenticate your Linux desktop system against Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing authentication server. This article explains how to setup the Linux desktop computers with Active Directory using Samba and winbind.

Linux set default password expiry for all new users

Posted on in Categories CentOS, Debian Linux, Howto, Linux, RedHat/Fedora Linux, Security, Sys admin, Ubuntu Linux, User Management last updated November 29, 2007

Under Linux password related utilities and config file(s) comes from shadow password suite. The /etc/login.defs file defines the site-specific configuration for this suite. This file is a readable text file, each line of the file describing one configuration parameter. The lines consist of a configuration name and value, separated by whitespace.

You need to set default password expiry using /etc/login.defs file (password aging controls parameters):

  1. PASS_MAX_DAYS : Maximum number of days a password may be used. If the password is older than this, a password change will be forced.
  2. PASS_MIN_DAYS : Minimum number of days allowed between password changes. Any password changes attempted sooner than this will be rejected
  3. PASS_WARN_AGE : Number of days warning given before a password expires. A zero means warning is given only upon the day of expiration, a negative value means no warning is given. If not specified, no warning will be provided.

Open file /etc/login.defs using text editor:
# vi /etc/login.defs
Setup (sample) values as follows:
PASS_MAX_DAYS 30
PASS_MIN_DAYS 1
PASS_WARN_AGE 7

Close and save the file.

See also:

Please note that much of the functionality that used to be provided by the shadow password suite is now handled by PAM suite. Next time I will write about PAM configuration.