WU-FTPD 2.6.1 Release Notes for HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3

NOTE: By default, the CA.pl script requests a password to protect the private
keys. If you are protecting the password with a PEM passphrase, enable the ftpd
-z password=value option and set the appropriate password.
Configuring a WU-FTPD TLS Server and an FTP Client
This section addresses the following topics:
• “Configuring an FTP Server in a TLS/SSL Environment” (page 18)
• “Configuring an FTP Client in a TLS/SSL Environment” (page 19)
Consider the following points before configuring an FTP TLS server and an FTP client:
• You cannot use the TLS security mechanism to secure third-party file transfers
  (PROXY transfer).
• The TLS security mechanism does not use the TCP sendfile() API to transfer data
  contents. Therefore, even if the sendfile() API is configured, the TLS security
  mechanism overrides the configuration.
• The usetls, rsacert, rsakey, and CAfile options are the minimum set of
  configuration flags or options that must be enabled to secure the FTP control
  connection using TLS. This is also the minimum configuration that is sufficient
  for a user to log in from an FTP client, provided the certificate sent by the
  FTP client is successfully verified by the CA certificate loaded by the FTP
  server.
• If both the TLS/SSL and Kerberos security features are enabled in FTP, the
  TLS/SSL feature takes precedence over the Kerberos feature during logon.
  Therefore, the user is prompted for the username and password even though
  Kerberos is enabled in the system.
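
The minimum option set listed above can be checked before the server is put into service. The shell functions below are an added example, not part of the HP release notes or the ftp-ssl-ncf product; they assume the flags are passed as "-z name" or "-z name=value" (the form the note shows for -z password=value), and the sample inetd.conf-style entry, its paths and its passphrase are constructed placeholders.

```sh
#!/bin/sh
# Added example: audit the -z options on an ftpd command line.
# Assumption: options appear as "-z name" or "-z name=value".

REQUIRED="usetls rsacert rsakey CAfile"   # minimum set named in the text

# Print the name of every -z option in the given line, one per line.
zopts() {
    set -f          # no globbing while the line is word-split on purpose
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        if [ "$1" = "-z" ] && [ $# -ge 2 ]; then
            printf '%s\n' "${2%%=*}"   # keep the name, drop "=value"
            shift
        fi
        shift
    done
}

# Print the required options that are absent, space-separated (empty if none).
missing_tls_opts() {
    found=$(zopts "$1")
    missing=""
    for opt in $REQUIRED; do
        if ! printf '%s\n' "$found" | grep -qx "$opt"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
}

# Return 0 if the passphrase is given inline, i.e. stored in clear text in
# whatever file holds this command line.
has_inline_password() {
    zopts "$1" | grep -qx "password"
}

# Constructed sample entry; the paths and the passphrase are placeholders.
SAMPLE='ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -z usetls -z rsacert=/path/to/cert.pem -z password=PLACEHOLDER'

m=$(missing_tls_opts "$SAMPLE")
if [ -n "$m" ]; then echo "missing TLS options: $m"; else echo "minimum TLS option set present"; fi
if has_inline_password "$SAMPLE"; then
    echo "passphrase is on the command line: restrict read access to this file"
fi
```
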
Configuring an FTP Server in a TLS/SSL Environment
To configure an FTP server in a TLS/SSL environment, complete the following steps:
1. Ensure that the OpenSSL software is installed in the system.
2. Ensure that the ftp-ssl-ncf FTP TLS enhancement software is installed in the
system. Run the following command to ensure that the software is installed:
    # swlist -l product | grep ftp-ssl-ncf
The following output is displayed if the software is installed in the system:
    ftp-ssl-ncf B.11.23.01.001 ftp-ssl-ncf web release
3. Configure OpenSSL and generate X.509 certificates and keys before starting the
FTP server.
4. Enable TLS configuration for the FTP server using either of the following methods:
• Using the -z command-line option in ftpd(1M).