[3852] in Release_7.7_team
Question from Stanford IT folks about our kerberized ftpd
daemon@ATHENA.MIT.EDU (Oliver Thomas)
Wed May 21 14:37:17 2003
Date: Wed, 21 May 2003 14:37:33 -0400
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
Cc: Oliver Thomas <othomas@mit.edu>
To: release-team@mit.edu
From: Oliver Thomas <othomas@MIT.EDU>
Content-Transfer-Encoding: 7bit
Message-Id: <492E63DD-8BBB-11D7-A98F-000393A3632A@mit.edu>
This came into the Helpdesk yesterday, who pinged me. While I could
point them at the source for the athena ftpd, I have no idea how
dependent our ftpd is on running on an Athena machine vs. running on
any old unix box with an afs client and kerberos. What can/should we
tell this person?
This is case 375831 in the Helpdesk's queue. I am not including client
info or e-mail address since release-team is public. I volunteered to
relay any advice from release-team to the customer and to update
Casetracker.
Thanks,
Oliver
-----First Message-----
Date: Tue, 20 May 2003 18:14:43 -0700 (PDT)
Subject: Kerberized FTP using Fetch
Hello,
I work for Stanford University's central IT department, and we are
exploring secure FTP clients for older versions of Mac OS (8 and 9). I
was wondering if you had any documentation available on your kerberized
ftp service; specifically, which ftpd are you running on your Athena
servers? How do you generate an AFS token so people can transfer files
to
and from AFS? (I assume this is done of your ftp server someplace)
I really appreciate any information you could give us about your
service,
as we need to find a solution for secure file transfer for our older Mac
clients.
Thanks for your help,
Alice
-----Follow-up Message----
Date: Wed, 21 May 2003 10:55:42 -0700 (PDT)
Hello Cesar,
Actually, I needed to know what software you run on the servers that
mount
AFS that allows you to get an AFS token, so that you can write to AFS.
From my understanding, you have a kerberos ticket that gets generated by
your MIT Kerberos for Macintosh software. This ticket gets passed using
Fetch (right?) to the server, which then somehow generates a token so
that
you can have correct permissions to write/read directories in your AFS
cell. I was wondering about the "somehow generates a token" bit. Do you
have some sort of a specialized ftpd running on the ftp.dialup.mit.edu
server? Which ftpd are you using?
I know that you are probably not the developer who wrote this
software...
do you think that you could pass my questions on to the group who
manages
this infrastructure?
Thanks,
Alice
