Manualshelf

WU-FTPD 2.6.1 release notes (July 2010)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v2 Networking Software
11121314151617181920
NOTE: By default, the CA.pl script requests for a password to protect the private
keys. If you are protecting the password with a PEM passphrase, enable the ftpd
-z password=value option and set the appropriate password.
Configuring a WU-FTPD TLS Server and an FTP Client
This section addresses the following topics:
“Configuring an FTP Server in a TLS/SSL Environment” (page 18)
“Configuring an FTP Client in a TLS/SSL Environment” (page 19)
Consider the following points before configuring an FTP TLS server and an FTP client:
You cannot use TLS security mechanism to secure third party file transfers (PROXY
transfer).
TLS security mechanism does not use the TCP sendfile() API to transfer data
contents. Therefore, even if the sendfile() API is configured, the TLS security
mechanism overrides the configuration.
The usetls, rsacert, rsakey, and CAfile are the minimum set of configuration
flags or options that must be enabled for securing FTP control connection using
TLS. This is also the minimum configuration that is sufficient for a user to login
from an FTP client provided the certificate sent by the FTP client is successfully
verified by the CA certificate loaded by the FTP server.
If both the TLS/SSL and Kerberos security features are enabled in FTP, the TLS/SSL
feature obtain precedence over the Kerberos feature during logon. Therefore, the
user is prompted for the username and password even though Kerberos is enabled
in the system.
Configuring an FTP Server in a TLS/SSL Environment
To configure an FTP server in a TLS/SSL environment, complete the following steps:
1. Ensure that the OpenSSL software is installed in the system.
2. For the HP-UX 11i v2 operating system, the WU-FTPD 2.6.1 software bundle
provides the FTP product bundle and the SSL libraries as two independent
products. So, ensure that the ftp-ssl-ncf FTP TLS enhancement software is
installed in the system. Run the following command to ensure that the software
is installed:
# swlist -l product | grep ftp-ssl-ncf
The following output is displayed if the software is installed in the system:
ftp-ssl-ncf B.11.23.01.001 ftp-ssl-ncf web release
18 WU-FTPD 2.6.1 Release Notes