ProFTPD 1.3.x README.AIX
                        ========================

Introduction
------------

There are two issues when compiling on AIX systems that can be worked
around using the proper configure command lines.

One problem involves the less than optimal default shared object search
path that the IBM linker inserts into executables.  The second problem is
compilaton failure stemming from an incompatibility with the <string.h>
header file when the IBM compiler attempts to inline some string functions.

Also, a minor usage note: do NOT use the --enable-autoshadow or --enable-shadow
configure options when configuring ProFTPD for AIX.  AIX does not use
the shadow libraries.


Executive Summary
-----------------

If you are using the IBM xlc/cc compiler with the IBM ld linker:

  % env CC=cc \
    CFLAGS='-D_NO_PROTO' \
    LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \
    ./configure ...

If you are using the GNU gcc compiler with the IBM ld linker:

  % env CC=gcc \
    LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \
    ./configure ...

If you are using the GNU gcc compiler with the GNU ld linker,
something like this ought to work (untested):

  % env CC=gcc \
    LDFLAGS='-Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib' \
    ./configure ...

Note that the library paths shown here are for example use only.
You may need to use different paths on your system, particularly when
linking with any optional libraries (e.g. krb5, ldap, mysql, etc.).


Compiling with the GNU compiler
-------------------------------

It is recommend that gcc-3.3.2 *not* be used when compiling proftpd on AIX.
There were problems reported of session processes going into endless loops.
Using gcc-4.1.0 should work properly.


Linking with the IBM or GNU linker
----------------------------------

There is a potential security problem when using the IBM linker.
Unlike other Unix systems, by default the IBM linker automatically will
use the compile time library search path as the runtime shared library
search path.  The use of relative paths in the runtime library search
path is an especially acute security problem for suid or sgid programs.
This default behavior is documented, so it is not considered a bug by IBM.
However, some suid programs that have shipped with AIX have included insecure
library search paths and are vulnerable to privilege elevation exploits.

This may not be such a serious a security problem for ProFTPD, since it
is not installed suid or sgid.  Nonetheless, it is wise to configure the
runtime shared library search path with a reasonable setting.  For instance,
consider potential problems from searching NFS mounted directories.

An existing AIX executable's library search path can be displayed:

  % dump -H progname

The runtime library search patch should be specified explicitly at
build time using the -blibpath option:

  % cc -blibpath:/usr/lib:/lib:/usr/local/lib

  % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib

See the ld documentation, not just that of xlc/cc, for further information
on the IBM linker flags.  Alternatively, an insecure library search path
can be avoided using -bnolibpath, which causes the default path to be used
(either the value of the LIBPATH environment variable, if defined, or
/usr/lib:/lib, if not).

It has been reported that at least some versions of GNU ld (e.g. 2.9.1)
have emulated this default linking behavior on AIX platforms.  However,
GNU ld uses -rpath to set the runtime library search path, rather than
the IBM ld -blibpath or the Sun ld -R options:

  % gcc -Wl,-rpath,/usr/lib,-rpath,/lib,-rpath,/usr/local/lib

Again, consult the GNU ld documentation for further information.
Note that using the gcc compiler does not imply that it uses the GNU
ld linker.  In fact, it is more common to use the IBM system linker.

The upshot of all this is that you should tell configure what to use
for the runtime shared library search path.  This can be done by setting
LDFLAGS on the configure command line, possibly like this:

  % env CC=cc LDFLAGS='-blibpath:/usr/lib:/lib:/usr/local/lib' \
    ./configure ...

  % env CC=gcc LDFLAGS='-Wl,-blibpath:/usr/lib:/lib:/usr/local/lib' \
    ./configure ...

In addition to setting the runtime library search path during the original
software build, the IBM linker can relink an existing *unstripped* executable
using a new runtime library search path:

  % cc -blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \
    -o progname.new progname

  % gcc -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib -lm -ldl \
    -o progname.new progname

where the "-l" options refer to shared libraries, which can be determined
from the output of:

    % dump -Hv progname

which displays shared library information.  A basic proftpd executable
probably will not require any "-l" options at all.


Compiling with the IBM xlc/cc compiler
--------------------------------------

There is a problem with the index and rindex macros defined in <string.h>.
Apparently, these are used as part of an attempt to inline string functions
when the __STR__ C preprocessor macro is defined.  Conflicts with these
definitions will cause compilation failures.

The work-around is to undefine the __STR__ C preprocessor macro, which
is predefined by the IBM compiler.  This can be done on the configure
command line by adding '-U__STR__' to the CPPFLAGS variable:

  % env CC=cc CPPFLAGS='-U__STR__' ./configure ...

However, with newer versions of proftpd, it has been found that the following
combination works better when compiling:

  % env CC=cc CFLAGS='-D_NO_PROTO' ./configure ...


Sendfile support in AIX
-----------------------

It appears that the sendfile() function in AIX 5.3
(specifically AIX 5300-04-02) is faulty.  If you are running proftpd-1.3.0
or later on AIX, place the following in your proftpd.conf:

  UseSendfile off

Failure to do so can result in downloads of files that end up being
the wrong size (downloaded files being far too large, etc).

			ProFTPD 1.2 README.FreeBSD
			==========================

Packages
--------

A precompiled FreeBSD package for x86, Alpha, AMD64, and UltraSPARC systems
can be installed from sources, including CD-ROM, the FreeBSD FTP server and
its mirrors.  To install from the main FreeBSD FTP server:

  # pkg_add -r proftpd

Or, if you want MySQL support:

  # pkg_add -r proftpd-mysql

As the port is updated to a newer version, the corresponding package will be
updated.


Bugs
----

FreeBSD releases 2.0 through 3.3-RELEASE have a libc bug with setpassent().
If you know that you have a fixed libc you can use the configure command line
option '--enable-force-setpassent' to use it with one of these fixed releases,
otherwise ProFTPD will use its internal persistent password support.  If you
would like more information, this bug is described in FreeBSD PR #14201.


Compiling From Source
---------------------

The FreeBSD ports collection[1,2] enables the downloading, configuring,
building and installation of ProFTPD in one easy step.

First, you must have the ports collection installed on the system*. The
ProFTPD port is in ftp/proftpd, so if your ports collection is installed in
/usr/ports, you should change to that directory:

  $ cd /usr/ports/ftp/proftpd

and run "make" to fetch the ProFTPD source distribution, extract it, apply the
necessary patches for FreeBSD, configure and build the program. This should be
done as a normal system user, not root, to minimise the chance of incidents.

  $ make

You can watch the progress as the port builds. Once it has finished, you can
install the software on the system and register it in the FreeBSD package
database by running "make install" as root:

  # make install

You can watch the progress as the port installs. Pay attention to any messages
at the end of the install. Once it has finished, you can set up the system to
start the ProFTPD server at boot by copying the file proftpd.sh.sample to
proftpd.sh in directory /usr/local/etc/rc.d/.

If you have installed "portupgrade" (sysutils/portupgrade), you can do this
all on one line with e.g.:

  $ portupgrade --new --recursive --sudo --verbose ftp/proftpd

After creating your server configuration in /usr/local/etc/proftpd.conf (see
proftpd.conf.default) for an example) you can start the server with

  # /usr/local/etc/rc.d/proftpd.sh start

Note that the proftpd binary is kept in the library executable directory,
/usr/local/libexec/ which is not (and should not be) in your PATH, so if you
want run a configuration test or add debugging flags from the command line,
use the full path, e.g.:

  # /usr/local/libexec/proftpd --configtest

To get log messages from the FTP server, make sure you have configured syslog
to save messages with facility "ftp", e.g. in syslog.conf put:

  ftp.info		/var/log/ftplog

and signal syslogd to re-read its configuration:

  # kill -HUP `cat /var/run/syslog.pid`

A second port has been created for the ProFTPD "Candidate" releases with the
provisional name ftp/proftpd-devel, however at the time of writing it has not
been added to the ports collection.

* After choosing to install it during the initial FreeBSD install or by
installing it from the FTP site[3], you should keep it up-to-date using
cvsup[4].

[1] http://www.freebsd.org/ports/
[2] http://www.freebsd.org/doc/handbook/ports-using.html
[3] ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz
[4] http://www.freebsd.org/doc/handbook/cvsup.html

mod_ldap v2.9.2
===============

mod_ldap is a ProFTPD module that performs user authentication and
name/UID/quota lookups against an LDAP directory.

**Please note:** Read the Changes section below for mod_ldap v2.9 changes;
some significant changes have been made. Do *NOT* upgrade to mod_ldap v2.9
or later before reading the Changes section.

Sections:
1. Author
2. How do I set up mod_ldap?
3. Changes
4. Thanks


=========
1. Author
=========

John Morrissey, <jwm@horde.net>, http://horde.net/~jwm/software/mod_ldap/.
Feedback is much appreciated. If you're using mod_ldap successfully, are
having problems getting mod_ldap up and running at your site, or have some
code improvements or ideas for development, please let me know!


============================
2. How do I set up mod_ldap?
============================

* tar xvzf proftpd-version.tar.gz
* If you wish to use a newer version of mod_ldap that is not yet included
  with a release version of ProFTPD, download the file mod_ldap.c and say:

    cp -f mod_ldap.c proftpd-version/contrib

* cd proftpd-version
* ./configure --with-modules=mod_ldap
* make
* make install
* The 'user-ldif' file contains a sample user ldif. Modify it to your liking
  and say ldapadd -D your-root-dn -w your-root-dn-password < ldif
* You are *strongly* encouraged to read up on the LDAP config-file
  directives in proftpd-version/doc/Configuration.html. At bare minimum,
  you'll need LDAPServer, LDAPBindDN, and LDAPUsers configuration directives
  in your proftpd.conf.

  A set of basic mod_ldap configuration directives would look like:

    LDAPServer localhost
    LDAPBindDN cn=your-dn,dc=example,dc=com dnpass
    LDAPUsers "dc=users,dc=example,dc=com"

  Of course, you will need to update these configuration directives with
  the proper values for your environment.


==========
3. Changes
==========
v2.9.2:
- Prevent segmentation fault when no user filters (second and third
  arguments to LDAPUsers) are specified.

v2.9.1:
- Handle potential NULL return value from crypt(). (Bug #3551)
- Update README to mention the LDAPDNInfo -> LDAPBindDN change in v2.9.0.

v2.9.0:
- Overhaul configuration directives, hopefully yielding a more
  straightforward, easier way to configure mod_ldap.

  The LDAPDoAuth and LDAPDoUIDLookups directives have been combined into the
  new LDAPUsers directive. The third argument to LDAPDoUIDLookups (the UID
  filter template) is now the third argument to LDAPUsers.

  LDAPDoGIDLookups is now LDAPGroups.

  LDAPDoQuotaLookups is now obsolete. The default quota can be specified
  with the new LDAPDefaultQuota directive.

  Also, the on/off booleans on these directives have been removed. Now, if
  the directive is present, the corresponding functionality will be enabled.

  For example, the previous configuration:

    LDAPDNInfo cn=your-dn,dc=example,dc=com dnpass
    LDAPDoAuth on ou=people,dc=horde,dc=net (uid=%u)
    LDAPDoUIDLookups on ou=people,dc=horde,dc=net (uidNumber=%u)
    LDAPDoGIDLookups on ou=groups,dc=horde,dc=net
    LDAPDoQuotaLookups on ou=people,dc=horde,dc=net (uid=%u) false,hard,10485760,0,0,0,0,0

  becomes:

    LDAPBindDN cn=your-dn,dc=example,dc=com dnpass
    LDAPUsers ou=people,dc=horde,dc=net (uid=%u) (uidNumber=%u)
    LDAPGroups ou=groups,dc=horde,dc=net
    LDAPDefaultQuota false,hard,10485760,0,0,0,0,0

- Remove OpenSSL local verification of password hashes; 'LDAPAuthBinds on'
  should do exactly the same thing in a more secure and standard way.
- Remove deprecated LDAPNegativeCache and LDAPUseSSL directives.
- Add group members to debug output.
- Various internal improvements to comments, log/debug messages, style, and
  logic.

v2.8.23:
* Add support needed by mod_sftp_ldap for fetching user public keys.
* Bad LDAP lookup can cause mod_ldap segfault under some conditions.
  (Bug #3424)

v2.8.22:
* Disable the LDAPUseSSL directive, instead logging a warning so existing
  configurations do not cause ProFTPD startup failure. Previous versions
  enabled TLS when this directive was enabled. This behavior was incorrect,
  since the intended behavior was to enable LDAPS/LDAP over SSL. To use
  LDAPS, specify the ldaps:// protocol in the LDAPServerURL URL(s).

  If you wish to continue using TLS, you must modify your configuration to
  specify the ldap:// scheme in the LDAPServerURL URL and add the directive
  'LDAPUseTLS on' to your configuration.
* Add support for quota profiles. If a user entry doesn't have an ftpQuota
  attribute, search for the DN contained in the user's ftpQuotaProfileDN
  attribute (if present) and use the ftpQuota attribute present on that DN.
  (Bug #2617)
* Fix segfaults in debug logging on platforms whose printf() does not
  gracefully handle NULL string pointers. (Bug #3346)
* Escape LDAP filter metacharacters in inserted values when interpolating
  filter templates.
* Emit a debug warning when an LDAP URL is specified without an explicit
  search scope.
* Bug 2922 locks authentication for an account to the same module that
  fetched the original account information. Remove the kludge wherein
  "*" is passed to pr_auth_check() if we're doing auth binds to prevent
  other modules from processing authentication. This has the convenient
  side effect of making the UserPassword directive work with LDAP-sourced
  accounts. Bump the required ProFTPD version to 1.3.1rc3.
* Emit correct LDAP timeout in debug message, accounting for the default if
  none was specified. Reported by Nikos Voutsinas <nvoutsin@noc.uoa.gr>.

v2.8.21:
* Implement an internal failover mechanism instead of relying on the LDAP
  SDK's built-in failover (if any). Fixes failover regression introduced
  in v2.8.19 when ldap_initialize() was first used.
* Multiple LDAP URL arguments may now be passed to LDAPServer:

  LDAPServer ldap://127.0.0.1/??sub ldap://172.16.0.1/??sub
* When setting whether to dereference LDAP aliases after connecting to
  the LDAP server, treat failure as a hard failure and refuse to continue
  with that LDAP server. Previously, failure when specifying whether to
  dereference aliases would be logged but the connection to that server
  would continue.

v2.8.20:
* Prevent the use of LDAPSearchScope or LDAPUseSSL when LDAPServer specifies
  a URL. Instead, the desired search scope and SSL setting should be
  specified by the URL.
* When using OpenSSL for local password verification (as opposed to
  'LDAPAuthBinds on'), make the Base64 encoding buffer larger to ensure
  we account for expansion resulting from the encoding.
* Retrieve all LDAP attributes when calling pr_ldap_user_lookup() since
  it will need various attributes (to perform home directory generation,
  for one). Thanks to Nikos Voutsinas <nvoutsin@noc.uoa.gr>.
  http://forums.proftpd.org/smf/index.php/topic,3562.0.html
* Portability fix: don't use ldap_initialize() and ldap_unbind_ext_s()
  unless we're building against the corresponding versions of the OpenLDAP
  SDK.

v2.8.19:
* Fix compilation with old LDAP SDKs (LDAP_API_VERSION < 2000). Thanks to
  Saju Paul <saju.paul@messageway.com>.
* Define LDAP_SCOPE_DEFAULT if not defined by the SDK, fixing compilation
  with (recent?) Sun LDAP headers.
* Use the configured ldap_port in "connected..." debug message, not
  LDAP_PORT.
* Fix segfaults on client connect when an LDAP URL is used as an argument
  to the LDAPServer directive. (Bug #3097)
* Automatically enable LDAP TLS support based on a best guess as to whether
  the installed LDAP SDK supports it.
* Fixed missing ldap_init() -> ldap_initialize() when updating for latest
  LDAP C API. Fixes segfaults on (some?) 64-bit systems. (Bug #3046)

v2.8.18:
* Remove all local caching code in favor of the recently added caching in
  the ProFTPD Auth layer.
* Silence some compiler warnings.
* To verify non-crypt() password hashes locally with OpenSSL, it is no
  longer necessary to edit mod_ldap.c to enable HAVE_OPENSSL. Instead,
  build ProFTPD with the --enable-openssl argument to configure.

v2.8.17:
* Use non-deprecated LDAP API functions if the LDAP SDK is new enough to
  comply with draft-ietf-ldapext-ldap-c-api-04.

v2.8.16:
* Add 'LDAPAliasDereference never|search|find|always' directive, which
  defaults to never. This default is compatible with previous versions,
  which did not support alias dereferencing.
* Fix LDAPAttr support when more than one LDAPAttr directive is used.
* Sync with ProFTPD API: set session.auth_mech to indicate that we've
  successfully authenticated the user.
* Eliminate segfaults when group information for an LDAP user is available
  from other sources (such as mod_auth_unix). Thanks to Erick Briere
  <Erick.Briere@afp.com>.
* Make sure to count %u escapes as well as %v escapes when determining
  filter length.
* Fix parenthesizing in connection code.

v2.8.15:
* Erroneous release; contained 2.8.14 by mistake.

v2.8.14:
* Fix authentication when LDAPAuthBinds is enabled, which broke in 2.8.13.
* Fix a typo in the group-by-name filter.

v2.8.13:
* This release REQUIRES ProFTPD 1.2.11rc1 or later.
* mod_ldap now uses ProFTPD's CreateHome to create home directories. Some
  LDAPHomedirOnDemand directives have been removed in favor of CreateHome.
  The directives that apply to home directory path name generation still
  exist, but have been renamed to LDAPGenerateHomedir.
* The LDAP protocol version now defaults to LDAPv3. If you need to use
  LDAPv2, say 'LDAPProtocolVersion 2' in your proftpd.conf. (Bug #2443)
* LDAP attribute names are now configurable via proftpd.conf. For example,
  if you want to change the uid attribute name, say 'LDAPAttr uid myUidAttr'
  in your proftpd.conf.
* The define to enable TLS support has been renamed to USE_LDAP_TLS.
* The '%u' escape is now supported in all cases where '%v' is.
* ProFTPD's UserPassword directive now works with LDAPAuthBinds enabled.
  (Bug #2482)
* Changed ldap_quota_lookup CMD to a HOOK.
* Fixed a few compiler type warnings.

v2.8.12:
* Group code memory manipulation fixes (Phil Oester (phil at theoesters dot
  com))
* Default quota support
* LDAP connections created for authenticated binds now honor the LDAPUseTLS
  directive.

v2.8.11:
* mod_quotatab limit support
* Allow ATTR_* compiler defines to be overridden on the build command line,
  e.g.: CFLAGS="-DUID_ATTR=foo" ./configure
* The canonical username from the LDAP directory is now used in directory
  creation.
* LDAPForceHomedirOnDemand to force the use of the generated home directory
  instead of the directory provided by the LDAP directory.
* Support for permissions on LDAPHomedirOnDemand suffixes. You can say:

  LDAPHomedirOnDemandSuffix foo:755 bar:700

  in your proftpd.conf.
* Support for %v escapes in LDAPDoAuth directive to allow fetching the
  user's entry directly, without performing a search first. For example,

  LDAPDoAuth on uid=%v,dc=example,dc=com

  will fetch the entry uid=[username],dc=example,dc=com directly when a user
  logs in, saving some effort on the part of the LDAP directory.
* Leading directories are now checked for and creation is no longer
  attempted if they already exist.
* Miscellaneous pedanticism & cleanup in error messages and the code itself.

v2.8.10:
* Ditch ldap_build_filter() (non-portable and/or deprecated) in favor of
  our own translation function. This should make mod_ldap build against
  OpenLDAP 2.1.x and Novell eDirectory, among others.

v2.8.9:
* Added explicit OpenSSL link exception to the license.

v2.8.8:
* ProFTPD Bug 1659 - LDAP config handlers should use c->pool instead of
  permanent_pool

v2.8.7:
* Properly drop root privs in the LDAPHomedirOnDemand code if we're
  returning prematurely due to an error condition.
* Small cleanup of the LDAPHomedirOnDemand directory creation code.

v2.8.6:
* Fix to the user-caching code that now prevents the cache from
  returning an empty password struct in certain situations.

v2.8.5:
* Small fix in the group handlers - group lookups would sometimes be
  attempted even if they were disabled.

v2.8.4:
* Fix for segfaults when optional arguments are omitted from
  LDAPDoGIDLookups directive

v2.8.3:
* Secondary group support (thanks to Andreas Strodl for providing patches)
* LDAPHomedirOnDemand modes are now absolute; they are no longer subject
  to ProFTPD's umask.
* LDAPDefault[UG]ID directives should now support the full range of
  32-bit UIDs.
* Sanity checking is now done on LDAPDefault[UG]ID arguments to ensure
  they're numeric.
* LDAPDoGIDLookups now takes an extra argument. Its arguments are now:

  LDAPDoGIDLookups on|off group-base-dn by-name-filter by-uid-filter

  by-name-filter defaults to (&(cn=%v)(objectclass=posixGroup)) and
  by-uid-filter defaults to (&(gidNumber=%v)(objectclass=posixGroup)).

v2.8.2:
* Fixed a privilege escalation bug. If LDAPHomedirOnDemand is enabled and
  creation of the user's home directory fails, the server does not
  relinquish root privileges. There shouldn't be exploitable, but all
  users with LDAPHomedirOnDemand enabled are encouraged to upgrade.

v2.8.1:
* Fixed a bug that prevented proper permissions being applied to home
  directories created on demand.
* Fixed an issue that would prevent per-VirtualHost configuration directives
  from being properly recognized.

v2.8:
* The username escape sequence in search filter templates has changed.
  You must now use %v instead of %u as the escape for the username. For
  example, if you had:

    LDAPDoAuth on dc=example,dc=com (uid=%u)

  in your proftpd.conf with a previous version of mod_ldap, you will need
  to change this to:

    LDAPDoAuth on dc=example,dc=com (uid=%v)

* LDAPAuthBinds is now enabled by default. I'm sick of hearing "Your
  mod_ldap is broken; it won't talk to my LDAP server and I've ignored the
  convenient error message about userPassword that mod_ldap logs."

* The full path to user home directories is now created. Directories leading
  up to the user's home directory are created root-owned and mode 755 (i.e.,
  they are not subject to the mode argument to LDAPHomedirOnDemand). Home
  directory creation now works for all users, not just users with the same
  UID/GID as the main ProFTPD server. Lastly, the mode argument to
  LDAPHomedirOnDemand is no longer subject to ProFTPD's Umask.

* TLS support (You'll need to edit mod_ldap.c to define USE_LDAPV3_TLS and
  recompile proftpd, then say 'LDAPUseTLS on' in your proftpd.conf). This
  may or may not work with non-OpenLDAP SDKs; I'd love to hear if anyone has
  it working with the Mozilla LDAP SDK or any others.

* The LDAP search sizelimit is now set to prevent LDAP server thrashing with
  wildcarded usernames.

* Basic caching support has been added. This should cut down on the number
  of queries made to the directory server. In addition, negative caching
  is now enabled by default.

* LDAPHomedirOnDemandSuffix can now take multiple arguments (multiple
  directories to create) and can be activated independently of
  LDAPHomedirOnDemand.

* With the addition of LDAPHomedirOnDemandPrefix, home directories can now
  be completely autogenerated, removing the need for a homeDirectory
  attribute in each user's LDAP entry. Say:

    LDAPHomedirOnDemandPrefix /home

  in your proftpd.conf to give users a home directory with the format
  /home/username. In this example, the user joe would be given the home
  directory /home/joe.

* Attribute names are now #defines at the top of mod_ldap.c. You can now
  change attribute names by editing mod_ldap.c and recompiling.

* The LDAPDefaultUID and LDAPDefaultGID directives can now be forced;
  enabling LDAPForceDefaultUID or LDAPForceDefaultGID will apply the
  default UID or GID (respectively) even if a user has a different UID/GID
  in his uidNumber or gidNumber attribute.

* Fairly extensive code cleanup and comment syncing.

v2.7.6:
* Fixing the OpenLDAP 2 fixes.

v2.7.5:
* Fixes for OpenLDAP 2 support.
* Fix LDAP authentication filter use; previously, the user-specified search
  filter would not be used in the second stage of authenticating a user.

v2.7.4:
* The LDAPDefaultAuthScheme directive should function properly now.

v2.7.3:
* Removed some old, useless code.

v2.7.2:
* LDAPQueryTimeout fix. In mod_ldap v2.7.1, in some situations, the query
  timeout could be set to -1, which would cause all LDAP lookups to fail.

v2.7.1:
* Ported MacGyver's portable UID/GID code to mod_ldap
* The value passed to LDAPQueryTimeout is now honored (the timeout isn't
  simply set to 1 second)

v2.7:
* Added a fix for picky LDAP servers like Sun Directory Services; using
  AuthBinds with those LDAP servers would break in previous mod_ldap
  versions.  See the comments in the code for more details (search for "Sun
  Directory Services").
* You can now pass a file mode to LDAPHomedirOnDemand to create home
  directories with that mode.
* Improved group support; mod_ldap now supports multiple memberUid
  attributes for a group object.
* Miscellaneous neatening/tightening of high-level auth/lookup handler
  functions.
* You can now specify custom LDAP search filters at runtime. See the
  configuration guide (doc/Configuration.html) entries for LDAPDo* for more
  details.
* Objectclass is now enforced. You *must* have an objectclass attribute for
  each of your LDAP objects. This attribute must have a value of
  'posixAccount' ("objectclass: posixAccount"). For groups, this attribute
  must have the value 'posixGroup' ("objectclass: posixGroup"). If you wish
  to disable this objectclass enforcement, use the the LDAP filter
  "(uid=%u)" for Auth and UID lookups (see doc/Configuration.html for how to
  specify a custom LDAP search filter).
* Removed allowedServices code. The functionality that allowedServices
  provided can now be duplicated with a modified LDAP search filter.

  For example, to replicate basic allowedServices checking, pass this LDAP
  search filter to LDAPDoAuth:
  (&(uid=%u)(|(allowedServices=*FTP*)(!(allowedService=*))))

  To emulate deniedServices checking, use this search filter:
  (&(uid=%u)(!(deniedServices=*FTP*)))

  To emulate *both* allowedServices and deniedServices checking, use this
  filter (beware line wrap):
  (&(uid=%u)(|(allowedServices=*FTP*)(!(allowedService=*)))(!(deniedServices=*FTP*)))

v2.6.1:
* Fixed a bug that would prevent proper search scope selection.

v2.6:
* HomedirOnDemandSuffix - create an additional subdirectory in a user's home
  directory (/home/user/anotherdirectory) on demand
* Minor group fixes/cleanups - supplementary groups now work properly
* Password {scheme}s are now treated in a case-insensitive manner.
* Password-hash support for any crypto method OpenSSL supports
  To enable extended OpenSSL password hash support, edit mod_ldap.c and
  uncomment #define HAVE_OPENSSL. You'll also need to edit Make.rules to
  link against OpenSSL. Further details are provided in mod_ldap.c.
* Runtime search scope selection; one-level or subtree searches can be
  selected from proftpd.conf.

v2.5.2:
* Fixed a bug that would allow unauthorized users to log in when mod_ldap
  is used with other authentication modules and LDAPAuthBinds is set to on.

v2.5.1:
* Fixed a one-line bug that broke password authentication when AuthBinds
  weren't being used.

v2.5:
* Authenticated bind support added. mod_ldap now fetches all user information
  except for userPassword as the DN specified in LDAPDNInfo and then re-binds
  to the LDAP server as the connecting user with the user-supplied password.
  If the bind succeeds, the user is allowed to log in. This also has the
  added advantage of allowing mod_ldap to support any password encryption
  scheme that your LDAP server supports. Also, a privileged DN is no longer
  needed to read the userPassword attribute from the LDAP server.
* Realized I wasn't checking the return value of find_config() for NULL
  values, this would cause ProFTPD to segfault if certain config file
  entries were not present.
* Removed debugging code that might contain NULL values; passing a NULL
  value to printf() and friends under Solaris causes a segfault.
* Miscellaneous cleanups, code neatening.

v2.0:
* Config file syntax revamped:
   LDAPServer            localhost
   LDAPDNInfo            cn=your-dn,dc=horde,dc=net dnpass
   LDAPQueryTimeout      5
   LDAPDoAuth            on "dc=users,dc=horde,dc=net"
   LDAPDoUIDLookups      on "dc=users,dc=horde,dc=net"
   LDAPDoGIDLookups      on "dc=groups,dc=horde,dc=net"
   LDAPDefaultUID        35000
   LDAPDefaultGID        1000
   LDAPNegativeCache     on
   LDAPHomedirOnDemand   on
   LDAPDefaultAuthScheme clear
* Configurable LDAP query timeout [Peter Deacon <peterd@iea-software.com>]
* Cleartext password "encryption" scheme ("{clear}mypass")
* UID-to-name and GID-to-name lookups in directory listings
* Separate prefixes for user and group lookups
* Can turn on/off UID-to-name and GID-to-name lookups independently
* Default [UG]IDs. Say you want to have a web-toaster type of deal, with
  all users having the same [UG]IDs. Just don't put [ug]idNumber attrs in
  your LDAP database for those users, and set these configuration
  directives. Any user that doesn't have a [UG]ID in the LDAP database will
  have that info filled in with the default [UG]ID.
* mod_ldap is now able to function in a pure virtual-user environment;
  please note, however, that the loginShell LDAP attr still must be a
  valid shell. You can turn this check off by saying RequireValidShell off
  in your proftpd.conf
* allowedServices attr: (I broke with objectclass here, couldn't find
  something that seemed to fit this.) This attribute contains a
  comma-deliminated list of services to allow this particular user.  The
  string "FTP" corresponds to FTP service. If no allowedServices attr is
  present, all services will be allowed.
* You can have alternate LDAP servers; just specify LDAPServer "host1
  host2"; [Peter Deacon <peterd@iea-software.com>]
* LDAPHomedirOnDemand to automatically create home directories in a
  virtual-user environment. [patch: Bert Vermeulen <bert@be.easynet.net>]
* LDAPDefaultAuthScheme to select the authentication scheme to use when
  no {prefix} is present in a user's userPassword LDAP attr.
  [patch: Bert Vermeulen <bert@be.easynet.net>]
* Virtual hosting support may or may not work okay; theoretically, I think
  adding LDAP configuration directives to a <VirtualHost> block will work,
  but this hasn't been tested.

New Tested Platforms:

* Solaris 2.6 with Netscape Directory Server and the Mozilla LDAP C SDK,
  available at http://www.mozilla.org/directory/csdk.html.
  Peter Fabian <fabian@staff.matavnet.hu>
* Solaris 7 with gcc 2.95.1 and OpenLDAP 1.2.7
  Ralf Kruedewagen <Ralf.Kruedewagen@meocom.de>

v1.2:
* made the variables for the config entries static
* moved the meat of the ldap querying code to a separate function, this
  gets the individual getpw*() handlers down to about 15-20 lines each.
  also paves the way for easy LDAP group lookups too.
* explicitly set ld = NULL in p_endpwent(), looks like ldap_unbind()
  doesn't always set it to NULL, and bad things happen later.
* fixed a showstopper: if there's a user/group directive in proftpd.conf,
  mod_ldap:getpwnam() will be called to look up the user. since the
  LDAP config variables aren't initialized yet, the LDAP libraries crash
  and burn upon encountering a NULL ldap_prefix. put some checks in
  p_setpwent() to check for this and disable LDAP lookups before the
  parent forks and the config is initialized. thanks to Sean Murphy
  <smurphy@berbee.com> for sending me on this path.
* modified pw_auth() so that it will assume crypt() if there's no leading
  {scheme} in the password returned by the LDAP query.
* pw_auth() turned off logging of unidentifiable password encryption
  schemes; this would syslog the encrypted password returned by the ldap
  server. many people have their logs tightened, but not all.
* a few miscellaneous changes & cleanups

v1.1:
* Added $Libraries$ directive to mod_ldap so the module is now entirely
  self-contained.
* Changed one reference to sprintf() to snprintf() and changed uidstr
  in p_getpwuid() to have a length of BUFSIZ.
* Added config option (LDAPNegativeCache) to turn LDAP negative caching
  on and off. The default is off (don't do LDAP negative caching).
* Added entries to doc/Configuration.html for all the LDAP configuration
  directives.
* MacGyver added mod_ldap to the ProFTPD CVS tree; proftpd-ldap-1.1
  is now in sync with ProFTPD CVS.

v1.0:
* Initial release of proftpd-ldap


=========
4. Thanks
=========

* Everyone listed in mod_ldap.c for contributing code.

* James (james at wwnet dot net) for a copy of his LDAP module that he never
  released
* Krzysztof Dabrowski (brush at pol dot pl) for some big virtual-user ideas
* Peter Deacon (peterd at iea-software dot com) for ideas
* Peter Fabian (fabian at staff dot matavnet dot hu) for ideas and a tested
  platform
* Justin Hahn (jeh at profitlogic dot com) for good ideas and debate
* Ralf Kruedewagen (Ralf dot Kruedewagen at meocom dot de) for a tested
  platform
* Steve Luzynski (steve at uniteone dot net) for extra help/testing/feedback
* Scott Murphy (smurphy at berbee dot com) for a trouble report
* Marcin Obara for lots of testing
* Miguel Barreiro Paz (mbpaz at edu dot aytolacoruna dot es) for a supported
  platform and new supported LDAP server
* Everyone else who has sent feedback, bug reports, feature requests,
  and ideas.

Using ProFTPD with Solaris 2.5.1 (possibly even other versions):

[Ed: Note, in Solaris 2.6 this is no longer necessary]

Solaris 2.5.1 has an odd problem involving tcp sockets inside of a
chroot()  [as used w/ DefaultRoot and Anonymous logins].  Apparently, due
to the Solaris xti code, socket operations initially attempt to open a few
devices, including /dev/tcp, /dev/udp, /dev/zero and /dev/ticotsord.  This
is most likely caused by the networking libraries, and is completely out
of the control and/or scope of ProFTPD.

Solaris 2.5.1 users wishing to use ProFTPD will have to do something like
the following in their anonymous or otherwise chroot'ed directories:

[ !!NOTE!!  Do not use the major/minor device numbers below verbatim.
  Solaris on different archs will use different major/minors.  Check
  your OS documentation first before doing this. ]

mkdir dev
mknod dev/tcp c 11 42
mknod dev/udp c 11 41
mknod dev/zero c 13 12
mknod dev/ticotsord c 105 1

Solaris 2.5 (and possibly 2.5.1) requires these additional device
nodes to be created in order to avoid a system panic when the
loopback interface is used:

mknod dev/ticlts c 105 2
mknod dev/ticots c 105 0

# the following is necessary to allow proftpd to create a socket
# when in non-low-port mode (such as during passive transfers)
chmod 0666 dev/tcp

Failure to create these files will result in "socket() failed in
inet_create_connection(): No such file or directory" when a user logs in
anonymously and attempts to transfer data of any type (including a simple
directory listing).

If you receive errors such as "socket() failed in
inet_create_connection(): Permission denied", you need to chmod 0666 your
dev/tcp device.

Using ProFTPD with UnixWare 7.1

UnixWare 7.x has an odd problem involving tcp sockets inside of a
chroot()  [as used w/ DefaultRoot and Anonymous logins].  Apparently, due
to the UnixWare xti code, socket operations initially attempt to open a few
devices, including /dev/tcp, /dev/udp, /dev/zero and /dev/ticotsord.  This
is most likely caused by the networking libraries, and is completely out
of the control and/or scope of ProFTPD.

UnixWare 7.1 users wishing to use ProFTP will have to do something like
the following in their anonymous or otherwise chroot'ed directories:

[ !!NOTE!!  Do not use the major/minor device numbers below verbatim.
  Solaris on different archs will use different major/minors.  Check
  your OS documentation first before doing this. ]

mkdir dev
mknod dev/tcp c 7 37
mknod dev/zero c 39 1

# the following is necessary to allow proftpd to create a socket
# when in non-low-port mode (such as during passive transfers)
chmod 0666 dev/tcp

Failure to create these files will result in "socket() failed in
inet_create_connection(): No such file or directory" when a user logs in
anonymously and attempts to transfer data of any type (including a simple
directory listing).

If you receive errors such as "socket() failed in
inet_create_connection(): Permission denied", you need to chmod 0666 your
dev/tcp device.

Additionally you will need to create the file etc/netconfig or you'll
get the following error message: _s_match: setnetconfig failed

mkdir etc
cp /etc/netconfig etc/netconfig

                      ProFTPD README.Cygwin
                      =====================

Introduction
------------

Cygwin is a UNIX-like environment framework for Microsoft Windows
98/NT/2000/XP operating systems. Most programs that you are used to using
can compile and behave exacttly the same way as on your favorite Unix
system. However, there are some minor differences and compatibility issues.


Configuring and Compiling
-------------------------

In standard Cygwin setup, there's no such username as 'root'. By default,
the configure script assigns 'Administrator' as the installation username.
Should you want to change this, then specify a username in the
'install_user' environment variable.

The rest of the installation process is as usual:

    ./configure
    make
    make install

Note: Cygwin does not currently support large files (e.g. files larger than
2 GB).  Also, Cygwin 1.3.22 or later should be installed. Earlier versions
of Cygwin would result in error messages like:

  426 Transfer aborted.  Socket operation on non-socket

Installing as Windows service
-----------------------------

Create a shell script and put it somewhere, with the following contents:

--8<--Cut here--
#!/bin/sh
# File: proftpd-config.sh
# Purpose: Installs proftpd daemon as a Windows service

cygrunsrv --install proftpd \
          --path /usr/local/sbin/proftpd.exe \
          --args "--nodaemon" \
          --type manual \
          --disp "Cygwin proftpd" \
          --desc "ProFTPD FTP daemon"
--8<--Cut here--

The --nodaemon option is important. It prevents the process from detaching.
Thus you can always shut it down with "net stop proftpd" command.

After running this script, you may run the daemon with "net start proftpd"
command. Or, change the type from "manual" to "auto", and it will run on the
system startup.

You can remove the service with the command:
    cygrunsrv --remove proftpd

Installing as inetd service
-----------------------------
Edit the corresponding line in /etc/inetd.conf:

    ftp stream tcp nowait root /usr/local/sbin/in.proftpd in.proftpd

You can specify an alternative configuration file with -c option.

Configuration File
------------------

The default configuration file resides in /usr/local/etc/proftpd.conf.
However, the default version of the proftpd.conf created by the installation
script is unusable within the Cygwin environment.

Some configuration directives need to be changed as follows:

    ServerType standalone|inetd

        Needs to be set correctly. Having standalone when running from inetd
        produces daemon processes which are difficult or impossible to kill.

    User   System
    Group  Administrators

        By default, a Windows service runs as the SYSTEM user, and if User
        directive specifies some other user, ProFTPD fails to change to that
        user.  Also, if no User directive given, the daemon tries to change
        the uid to the SYSTEM user ID.

        Using a less privileged user and/or group will result in errors
        when users attempt to login.

    <Anonymous directory_name>

        The user specified in User directive should exist as a Windows
        account. In Windows User Manager, this login can be even disabled.
        As usual, make sure you have this entry in the Cygwin /etc/passwd
        file (produced by mkpasswd.exe).

    UserPassword username encrypted_passwd

        The encrypted password can be produced with the "openssl passwd"
        command.

When a user logs in, the following non-fatal warnings will appear in the
proftpd logs:

    error setting write fd IP_TOS: Invalid argument
    error setting read fd IP_TOS: Invalid argument
    error setting write fd TCP_NOPUSH: Protocol not available
    error setting read fd TCP_NOPUSH: Protocol not available

Author:
Stanislav Sinyagin
CCIE #5478
ssinyagin@yahoo.com

# ProFTPD 1.3.x README

## Status

[![TravisCI Build Status](https://travis-ci.org/proftpd/proftpd.svg?branch=master)](https://travis-ci.org/proftpd/proftpd)
[![CirrusCI Build Status](https://api.cirrus-ci.com/github/proftpd/proftpd.svg?branch=master)](https://cirrus-ci.com/github/proftpd/proftpd)
[![Coverage Status](https://coveralls.io/repos/proftpd/proftpd/badge.svg?branch=master&service=github)](https://coveralls.io/github/proftpd/proftpd?branch=master)
[![Coverity Scan Status](https://scan.coverity.com/projects/198/badge.svg)](https://scan.coverity.com/projects/198)
[![C/C++ Language Grade](https://img.shields.io/lgtm/grade/cpp/g/proftpd/proftpd.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/proftpd/proftpd/context:cpp)
[![Release](https://img.shields.io/badge/release-1.3.7b-brightgreen)](https://github.com/proftpd/proftpd/releases/latest)
[![License](https://img.shields.io/badge/license-GPL-brightgreen.svg)](https://img.shields.io/badge/license-GPL-brightgreen.svg)

## Introduction

ProFTPD is a highly configurable FTP daemon for Unix and Unix-like
operating systems.  See the _**README.ports**_ file for more details about
the platforms on which ProFTPD in known or thought to build and run.

ProFTPD grew from a desire for a secure and configurable FTP server.
It was inspired by a significant admiration of the Apache web server.
Unlike most other Unix FTP servers, it has not been derived from the old
BSD `ftpd` code base, but is a completely new design and implementation.

ProFTPD's extensive configurability provides systems administrators great
flexibility in user authentication and access controls, including virtual
users and easy `chroot()` FTP sessions for individual users.

ProFTPD is popular with many service providers for delivering update
access to user web pages, without resorting to Unix shell accounts.

## Latest Release

- [ftp://ftp.proftpd.org/distrib/source/](ftp://ftp.proftpd.org/distrib/source/)
- [http://www.proftpd.org/](http://www.proftpd.org/)

> see _**RELEASE_NOTES**_ for an overview of the changes in this release.

## Major Features

- A single main configuration file, with directives and directive groups patterned after those of the Apache web server.
- Per directory ".ftpaccess" configuration similar to Apache's ".htaccess".
- Designed to run either as a stand-alone server or from `inetd`/`xinetd`.
- Multiple virtual FTP servers and anonymous FTP services.
- Multiple password files.
- Shadow password support, including support for expired accounts.
- Multiple authentication methods, including PAM, LDAP, SQL, and RADIUS.
- Virtual users.
- ProFTPD never executes any external program at any time. There is no `SITE EXEC` command, and all file and directory listings are generated internally, without using an external ls command.
- Anonymous FTP and other chroot directories do not require any specific directory structure, executable programs or other system files.
- Modular architecture with an API that facilitates well structured extensions to meet user needs.
- Visibility of directories or files controlled based on Unix style permissions or user/group ownership.
- Logging and `utmp`/`wtmp` support.  Extensible, customizable logging is available.
- If supported by the capabilities the host system, it can run as a non-privileged user in stand-alone mode, thwarting attacks aimed at exploiting "root" privileges.
- GPLv2 source license.  The source code is available to audit.

## Documentation

- The [doc/](doc/) directory
- [http://www.proftpd.org/docs/](http://www.proftpd.org/docs/)

## Installation Overview

For detailed installation instructions, see the _**INSTALL**_ file in the root
directory of the source distribution.

The ProFTPD source distribution is designed to be configured using the GNU
autotools, so compiling and installing follows the familiar command sequence of
```bash
./configure
make
make install
```

However, a significant portion of ProFTPD's configurability is done at compile
time, so it is highly recommended that you read _**INSTALL**_ and all of the
_**README.***_ files that pertain to your platform and desired features before
building the sources.

ProFTPD uses a single configuration file.  A few examples are included in the
[sample-configurations/](sample-configurations/) subdirectory of the source
distribution.

On most systems, the `inetd` or `xinetd` configuration must be changed, either
to remove the current ftpd entry to run ProFTPD standalone, or to change the
current ftpd entry to use the proftpd daemon.

## Questions

If you have questions, please ask them on the appropriate [mailing lists](http://www.proftpd.org/lists.html).

If you don't understand the documentation, please tell us, so we can explain it
better.  The general idea is: if you need to ask for help, then something needs
to be fixed so you (and others) don't need to ask for help.  Asking questions
helps us to know what needs to be documented, described, and/or fixed.

                        ProFTPD 1.3 README.modules
                        ==========================


Core ProFTPD Modules (modules subdirectory)
-------------------------------------------

Modules always included:

    mod_auth
        Implements FTP authentication commands (USER, PASS, ACCT, REIN).

    mod_core
        Implements core configuration directives and most RFC-959 FTP
        commands (CWD, CDUP, MKD, PWD, RMD, DELE, RNTO, RNFR, PASV, PORT,
        SYST, HELP, QUIT, NOOP), and the MDTM and SIZE extensions.

    mod_delay
        Implements algorithms to protect against information leaks
        via timing attacks.

    mod_log
        Interface to Unix message logging (syslog or file).

    mod_ls
        Implements the FTP LIST, NLST and STAT commands.

    mod_facts
        Implements the FTP MFF, MFMT, MLSD, and MLST commands.

    mod_site
        Implements the FTP SITE command, and the HELP, CHGRP, CHMOD
        subcommands.

    mod_auth_file
        Interface to file-based authentication (AuthUserFile, AuthGroupFile)

    mod_auth_unix
        Interface to the native Unix password system.

    mod_xfer
        Implements FTP file transfer commands (STOR, RETR, APPE, REST,
        ABOR, TYPE, STRU, MODE, ALLO, SMNT, STOU).

    mod_ident
        Implements RFC1413 identity lookups (IdentLookups).

Modules automatically included when supported by the OS:

    mod_auth_pam
        PAM (Pluggable Authentication Modules) authentication.
        See README.PAM.
        Originally contributed by MacGyver <macgyver@tos.net>.

    mod_cap, libcap
        POSIX 1e (IEEE 1003.1e draft) security model enhancements
        (capabilities and capability sets), available for Linux kernels
        2.1.104 and later. See README.capabilities.


Modules included upon request:

    mod_ctrls
        Provides the server-side listener for control requests
        (see README.controls)

    mod_dso
        Handles loading and unloading of DSO modules (see README.DSO)

    mod_facl
        Handles checking of POSIX ACLs (see README.facl)

    mod_lang
        Handles the LANG command (see README.NLS)

    mod_memcache
        Handles Memcache support

Contributed ProFTPD Modules (contrib/ subdirectory)
--------------------------------------------------

Also, see contrib/README.

Security/encryption modules:

    mod_sftp, mod_sftp_pam, mod_sftp_sql
        SSH2, SFTP, SCP protocol implementation
        See doc/contrib/mod_sftp.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_tls, mod_tls_memcache, mod_tls_shmcache
        SSL/TLS authentication/encryption
        See doc/contrib/mod_tls.html
        Originally by Peter Runestig
        Contributed by TJ Saunders <tj@castaglia.org>

Authentication modules:

    mod_ldap
        LDAP (Light-weight Directory Access Protocol) authentication.
        See README.LDAP.
        Contributed by John Morrissey <jwm@horde.net>.

    mod_sql, mod_sql_mysql, mod_sql_postgres, mod_sql_odbc, mod_sql_sqlite
        SQL (Structured Query Language) database authentication and
        other functions, with backends for MySQL, PostgreSQL, ODBC, and SQLite.
        See doc/contrib/mod_sql.html
        Contributed by Johnie Ingram <johnie@netgod.net>.

    mod_radius
       RADIUS (RFC2865) authentication and accounting
       See doc/contrib/mod_radius.html
       Contributed by TJ Saunders <tj@castaglia.org>.

Feature modules:

    mod_ban
        Dynamic blacklisting.
        See doc/contrib/mod_ban.html
        Contributed by TJ Saunders <tj@castaglia.org>.

    mod_ctrls_admin
        Common administrative control actions
        See doc/contrib/mod_ctrls_admin.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_dynmasq
        Automatic refreshing of IP address for MasqueradeAddress DNS name,
        for sites that use DynDNS-type services
        See doc/contrib/mod_dynmasq.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_exec
        Execute custom external scripts based on session actions/events.
        See doc/contrib/mod_exec.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_geoip
        Look up geographic information based on the client IP address.
        See doc/contrib/mod_geoip.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_ifsession
        Conditional per-user, per-group, per-class configurations
        See doc/contrib/mod_ifsession.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_load
        Reject connections based on system load
        See doc/contrib/mod_load.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_log_forensic
        Only write log information when criteria are met.
        See doc/contrib/mod_log_forensic.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_qos
        Tweak the network TCP QoS bits for better routing
        See doc/contrib/mod_qos.html
        Contributed by Philip Prindeville

    mod_quotatab, mod_quotatab_file, mod_quotatab_ldap, mod_quotatab_radius,
      mod_quotatab_sql
        User/group/class quotas.
        See doc/contrib/mod_quotatab.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_ratio
        User upload/download ratios.
        See contrib/README.ratio and the comments in mod_ratio.c.
        Contributed by Johnie Ingram <johnie@netgod.net>
        and Jim Dogopoulos <jd@dynw.com>/<jd@downcity.net>.

    mod_readme
        Display "readme" files, controlled by the "DisplayReadme" directive.
        Originally contributed by <jan.menzel@gmx.de>.

    mod_rewrite
        Powerful regular expression-based command parameter rewrite engine
        See doc/contrib/mod_rewrite.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_shaper
        Throttling of data transfers across the entire server.
        See doc/contrib/mod_shaper.html

    mod_site_misc
        Miscellaneous SITE commands (e.g. SITE SYLINK, SITE UTIME)
        See doc/contrib/mod_site_misc.html

    mod_unique_id
        Provides a unique ID for each FTP session, useful for session
        tracking in log files and databases
        See doc/contrib/mod_unique_id.html
        Contributed by TJ Saunders <tj@castaglia.org>

    mod_wrap
        TCP Wrappers.
        See contrib/README.mod_wrap and doc/contrib/mod_wrap.html.
        Contributed by TJ Saunders <tj@castaglia.org>.

    mod_wrap2, mod_wrap2_file, mod_wrap2_sql
        TCP wrappers functionality, extended to include SQL tables
        See doc/contrib/mod_wrap2.html
        Contributed by TJ Saunders <tj@castaglia.org>.


Other ProFTPD modules (not included in the source distribution)
---------------------------------------------------------------

Please see

    http://www.proftpd.org/module_news.html

for a current third-party module list. These modules (and patches) are
neither evaluated nor sanctioned in any way.

                        ProFTPD 1.2 README.ports
                        ========================


See the web site for a more complete and current list:

        http://www.proftpd.org/platforms.html

If you have successfully built and run ProFTPD on a platform not listed,
you are invited to share your experience.  Please include your platform
name and version (e.g. `uname -a`), compiler and version, the proftpd
version (e.g `./proftpd -v`), any optional modules that you are using
(e.g. `./proftpd -l`), and any special instructions or comments.

        proftpd-devel@proftpd.org
        http://www.proftpd.org/platforms.html


The Linux compilation environment largely depends on the kernel,
glibc, gcc, and libpam.  So, please either report the versions of
these components, or the distribution name, version and any patches
affecting the compilation environment.


ProFTPD has been reported to build on the following:

    OS                 Compiler     Comments
    -----------------  -----------  ----------------------------------------
    AIX 3.2                         native compiler
    AIX 4.2                         tested
    AIX 4.2.1          gcc 2.95.2   see README.AIX
    AIX 4.2.1          cc 4.4       see README.AIX
    AIX 4.3.3          cc 4.4       see README.AIX

    BSDI 2.x                        possibly
    BSDI 3.1                        tested; use gmake instead of make
    BSDI 4.0

   ?BSD/OS 4.1
   ?BSD/OS 4.2

    Compaq Tru64 5.0A
    Compaq Tru64 5.0B
    Compaq Tru64 5.1B

    DEC OFS/1                    native compiler
    Digital UNIX 4.0A

    FreeBSD 2.2.7                   tested, see README.FreeBSD
    FreeBSD 3.3                     see README.FreeBSD
    FreeBSD 3.5        gcc          see README.FreeBSD
    FreeBSD 4.1        gcc
    FreeBSD 4.2        gcc
    FreeBSD 4.3        gcc
    FreeBSD 4.4        gcc
    FreeBSD 4.5        gcc
    FreeBSD 4.6        gcc
    FreeBSD 4.7        gcc
    FreeBSD 4.8        gcc
    FreeBSD 4.9-PRERELEASE
    FreeBSD 5.0        gcc

    HP/UX 10.x
    HP/UX 11.x                      native compiler or gcc

    IRIX 6.2
    IRIX 6.3                        native compiler or gcc
    IRIX 6.4                        tested
    IRIX 6.5           cc 7.30

    Linux              gcc          kernel 2.0.x, 2.2.x or 2.4.x
                                    glibc2 (libc6) required
    MacOS X

    NetBSD 1.4         gcc
   ?NetBSD 1.5         gcc
    NetBSD 1.6.1       gcc

    OpenBSD 2.2
    OpenBSD 2.3
    OpenBSD 2.6        gcc
    OpenBSD 2.7        gcc
    OpenBSD 2.8        gcc

    Solaris 2.5        gcc 2.91.66  see README.Solaris2.5x
    Solaris 2.5.1      gcc          see README.Solaris2.5x
    Solaris 2.6
    Solaris 7
    Solaris 8          cc 5.0
    Solaris 8          gcc 2.95.2
    Solaris 9          gcc 2.95.3

    UnixWare 7                      see README.Unixware

Linux distributions:
   ?Caldera 2.3        gcc
    Conectiva 5.0      gcc          bundled
    Debian 2.2         gcc
   ?Immunix 6.2        gcc
    Mandrake 7.2       gcc
    Red Hat 6.2        gcc
    Red Hat 7.0        gcc
    Slackware 7        gcc
    SuSE 6.4           gcc
    Trustix 1.2        gcc 2.95.2   bundled
   ?TurboLinux 6.0     gcc