[2801] in Kerberos-V5-bugs
krb5-appl/481: Change requests to kerberos ftpd
daemon@ATHENA.MIT.EDU (benjid@teamnet.net)
Wed Oct 15 15:09:28 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, benjid@teamnet.net
Date: Wed, 15 Oct 1997 14:08:14 -0500 (CDT)
From: benjid@teamnet.net
Reply-To: benjid@teamnet.net
To: krb5-bugs@MIT.EDU
>Number: 481
>Category: krb5-appl
>Synopsis: Change requests to kerberos ftpd
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Wed Oct 15 15:09:00 EDT 1997
>Last-Modified:
>Originator: Ben Dehner
>Organization:
Team Technologies
>Release: 1.0pl1
>Environment:
System: IRIX media 6.2 03131015 IP22
>Description:
(The following suggestions are based on the behavior of the
SGI IRIX ftp daemon; I find them both very useful.)
Kerberos ftpd does not support "restricted" ftp users. These
are users that are listed in the "/etc/ftpusers" file, along
with the keyword "restrict". The "restrict" keyword tells ftpd
(or some ftpds, anyway) that the user is allowed access, but that
ftpd is to do a chroot to this user's home directory before
allowing access. Kerberos ftpd only supports "chroot" for the
specific case of anonymous ftp user.
Kerberos ftpd also does not support extended loggin ("-ll" option)
which logs all file transfer commands (get, put, etc.) as well
as mkdir, delete and rename commands. These are very useful for
the case where more than one user has write file access.
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Kerberos ftpd does not support restricted login or extended logging
