AnonRequirePassword [ on|off]
0.99.0 and later
Normally, anonymous FTP logins do not require the client to authenticate themselves via the normal method of a transmitted cleartext password which is hashed and matched against an existing system user's password. Instead, anonymous logins are expected to enter their e-mail address when prompted for a password. Enabling the AnonRequirePassword directive requires anonymous logins to enter a valid password which must match the password of the user that the anonymous daemon runs as. However using AuthUsingAlias authentication can be matched against the password of the login username. This can be used to create "guest" accounts, which function exactly as normal anonymous logins do (and thus present a "chrooted" protected file system to the client), but require a valid password on the server's host system.
Example of a "guest" account configuration: <Anonymous ~roger> User roger Group other UserAlias proftpd roger AnonRequirePassword on # Deny write operations to all directories, underneath root-dir # Default is to allow, so we don't need a <Limit> for read operations. <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> # Deny all read/write operations in incoming. Because these are command-group # limits, we can explicitly permit certain operations which will take precedence # over our group limit. <Directory incoming> <Limit READ WRITE> DenyAll </Limit> # The only command allowed in incoming is STOR (transfer file from client to server) <Limit STOR> AllowAll </Limit> </Directory> </Anonymous>