27 Jul 2000 13:31
ANNOUNCE: SSL/TLS ftp
Peter 'Luna' Runestig <peter <at> runestig.com>
2000-07-27 11:31:55 GMT
This is to announce a unix implementation of ftp with SSL/TLS according to the "draft-murray-auth-ftp-ssl-05.txt" IETF draft, which describes the AUTH TLS, PBSZ 0 and PROT P ftp commands. It uses the OpenSSL toolkit <http://www.openssl.org/>. There are actually two server implementations and one client:

The first server is based on the ProFTPD ftp server <http://www.proftpd.net/>. It also has support for SSL/TLS-based user authentication. Tested on Linux and OpenBSD, test reports on other systems welcome!
Available at: ftp://ftp.runestig.com/pub/proftpd-tls/

Since not everyone felt comfortable running proftpd on their servers, there's an alternative. I have made a port of the OpenBSD 2.7 ftpd server and added the TLS code. For Linux, I have added shadow password file support, but note that there's no PAM support (yet anyway). Tested on Linux and OpenBSD, test reports on other systems welcome!
Available at: ftp://ftp.runestig.com/pub/ftpd-tls/

X509 client authentication
--------------------------

Support for user authentication is possible through the custom function

    int x509_to_user(X509 *peer_cert, char *userid, int len)

in the file x509_to_user.c, and by a .tlslogin file in the user's home directory.

o tls_userid_from_client_cert() is called and returns a user id or NULL. tls_userid_from_client_cert() calls the site specific function x509_to_user().
o If the user name, set by the USER command, equals the user id mapped from the client cert, the user is logged right in.
o If "USER" differs from the user id mapped from the client cert, the function tls_is_user_valid() is called to check "USER"'s ~/.tlslogin file. That file, if it exists, contains one or more X509 certificates in PEM format. If the client cert is present in the file, the user is logged right in.
o If tls_userid_from_client_cert() can't map a user id from the client cert, tls_is_user_valid() is called to check "USER"'s ~/.tlslogin file. If the client cert is present in the file, the user is logged right in.

The client is based on the ftp client code in OpenBSD 2.7 <http://www.openbsd.org/>. Tested on Linux and OpenBSD, test reports on other systems welcome!
Available at: ftp://ftp.runestig.com/pub/ftp-tls/

Cheers,
Peter
--
Peter "Luna" Runestig (fd. Altberg), Sweden <peter <at> runestig.com>
PGP Key ID: 0xD07BBE13
Fingerprint: 7B5C 1F48 2997 C061 DE4B 42EA CB99 A35C D07B BE13

Old Movitz smiles and nods, / but from Charon's dark strait death's slumber / in your gaze / soon heralds your final hour.
Carl Michael Bellman, Fredmans epistel nr 34
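The login decision described under "X509 client authentication" above, written out as an added example that is not part of the announcement or of either server's code. The cert-to-user-id mapping is taken as an input (in the real servers it comes from the site-specific x509_to_user()), ~/.tlslogin membership is checked by comparing canonical PEM bodies, and the certificate bodies below are constructed dummy strings, not real certificates.

```python
import re
from typing import Optional

# Matches one PEM CERTIFICATE block; group 1 is the base64 body.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_bodies(text: str) -> set:
    """Canonical (whitespace-free) base64 bodies of every CERTIFICATE block in text.
    Comparing canonical bodies is equivalent to comparing the DER encodings."""
    return {"".join(body.split()) for body in PEM_RE.findall(text)}


def tls_is_user_valid(client_cert_pem: str, tlslogin_text: Optional[str]) -> bool:
    """The ~/.tlslogin check: allow iff the single client cert is present in the file.
    tlslogin_text is None when USER has no .tlslogin file."""
    if tlslogin_text is None:
        return False
    client = pem_bodies(client_cert_pem)
    if len(client) != 1:           # refuse malformed or multi-cert input
        return False
    return client.pop() in pem_bodies(tlslogin_text)


def tls_login_decision(user: str, cert_userid: Optional[str],
                       client_cert_pem: str, tlslogin_text: Optional[str]) -> bool:
    """Decision order from the announcement. cert_userid is what the site-specific
    x509_to_user() mapped the client cert to (None if it could not map one)."""
    if cert_userid is not None and cert_userid == user:
        return True                # cert maps directly to USER: logged right in
    # Cert maps to a different user, or to nobody: consult USER's ~/.tlslogin.
    return tls_is_user_valid(client_cert_pem, tlslogin_text)


# Constructed sample data: dummy base64 bodies, not real certificates.
def _pem(body: str) -> str:
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


CERT_ALICE = _pem("QUxJQ0UtREVNTy1DRVJU")
CERT_BOB = _pem("Qk9CLURFTU8tQ0VSVA==")
# bob's ~/.tlslogin (constructed): lists alice's cert, so alice's cert may log in as bob.
TLSLOGIN_BOB = "# certs allowed to log in as bob\n" + CERT_ALICE

if __name__ == "__main__":
    print(tls_login_decision("alice", "alice", CERT_ALICE, None))        # True
    print(tls_login_decision("bob", "alice", CERT_ALICE, TLSLOGIN_BOB))  # True
    print(tls_login_decision("bob", "alice", CERT_ALICE, None))          # False
```

Note that a certificate listed in a user's .tlslogin grants login as that user regardless of which user id x509_to_user() maps it to, so that file deserves the same protection as an authorized_keys file.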