Red Hat

I need to utilize pam_pwdfile in order to authenticate virtual users in vsftpd. I know I can utilize htpasswd2 -m to create a password file however it is vital since I am administrating several machines in our organization that the password generated be in clear text. Does anyone on here know if that is possible using the pam_pwdfile module for authentication?
Best Regards,
Cole

Why is it vital that the passwords be in clear text? There's very good reasons passwords traditionally haven't even been stored in any retrievable fashion, let alone plaintext.

I utilize puppet to deploy my servers. In this instance I am unable to create users on each machine since our infrastructure is tied to ldap. Each server is unable to be accessed from the shell level by everyone outside of our infrastructure team. We would be the only ones who have access to the password files.

That being said. Using puppet to deploy ftp accounts utilizing vsftp virtual users requires the use of pam_pwdfile module for authentication from what I have read, unfortunately however the password hashes are different on every machine. I have tried to do a sort of hack using: echo -e "$username:`perl -le 'print crypt("$password","salt")'`" >> files/passwd within a adduser script, that does not have a salt that changes... simply called 'salt', and while I can create a hash that doesnt change on a single machine. That hash changes on every other machine. Hence the reason why I would prefer to simply use plain text for the vsftpd user accounts.

Best Regards,
Cole

Try

Code:

# htpasswd -m files/passwd $username

That was actually the first thing I tried. I noticed that htpasswd creates a random salt for the hash. Because every time the password is generated the hash is completely different. Thats why I attempted to create a static salt using perl's cryptography function... and that worked however only for that single machine. When that same algorithm is run on a different machine it produces a different hash.

This is why the next step is to find out wither or not there is a way to simply have the passwords in clear text specifically for vsftpd's virtual users. These are FTP servers and the users of these boxes are essentially jailed to their folders anyways, so the ability for them to access each others passwords is irrelevant. I do need the ability to deploy more than one FTP server with the same user group since it is essential that FTP access is available 100% of the time, in case one of the 2 servers goes down.

Yes. This is how hashes work. A random number is thrown in to make brute-forcing them far more difficult.

If the two machines use the same encryption algorithms, the salts don't matter. The computer has to 'crack' the salts anyway, it's just there to make brute-forcing them back into valid passwords exponentially more difficult.

Short answer - no

Longer answer - you could modify the vsftp sources to do what you want.