[33247] in North American Network Operators' Group
RE: FTP with authentication to RADIUS
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Fri Jan 5 03:13:56 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F0922869BC7@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'Steven J. Sobol'" <sjsobol@NorthShoreTechnologies.net>,
joshua stein <jcs@rt.fm>
Cc: nanog@nanog.org
Date: Fri, 5 Jan 2001 00:07:30 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
With FTP ... just say "no!".
1) many versions of FTP make you system vulnerable to root cracks.
2) There is NO way to run FTP in a SSH tunnel because it uses dynamic port
assignments.
3) FTP logins are plain-text.
For sharing files, with anonymous users, HTTP is much better (see:
http://files.dnso.net)
> From: Steven J. Sobol [mailto:sjsobol@NorthShoreTechnologies.net]
> Sent: Thursday, January 04, 2001 2:35 PM
>
> On Thu, 4 Jan 2001, joshua stein wrote:
> > Michael Medwid wrote:
> > > Anyone know of an FTP server product that hooks into RADIUS for
> > > authentication? NT or Linux?
> > proftpd has more features, but isn't very stable (and has had a few
> > security problems in the past).
>
> It's much less security-hole-ridden than the godforsaken piece-of-crap
> copy of wuftpd that ships with many Linux distros (in
