[25991] in Athena Bugs
Case 647469: Fetch 4.0.3 no longer works against Athena ftpd
daemon@ATHENA.MIT.EDU (computing-help@mit.edu)
Wed Aug 25 17:04:02 2004
Date: Wed, 25 Aug 2004 17:00:28 -0400 (EDT)
Message-ID: <28897001.1093467628316.JavaMail.root@sheep.mit.edu>
From: computing-help@mit.edu
To: MEEROH@mit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: bugs@mit.edu
Errors-To: bugs-bounces@mit.edu
Hi, Miro:
I'm forwarding this case you submitted to the Help Desk to the list:
bugs@mit.edu
This is the Athena bugs list (for an archive of posts to that list, see:
http://mailman.mit.edu/mailman/listinfo/bugs). This should get the attention you need from the server admins for ftp.dialup.mit.edu.
Best to you,
Joanne L.
[8/25/2004 17:00:28 jwl Sent Email to Client]
===========================================================
Please retain the case reference in the subject line for future replies associated with this case
Case History
==================
8/24/2004 4:24:45 www Client added Web Entry
Fetch 4.0.3 no longer works against ftpd on ftp.dialup.mit.edu using either KClient or GSSAPI. The problem started some time in the last couple of months.
The problem is that Fetch sends a "PASS" command with no argument to the server, and the server then responds with a response that violates the protocol specification.
According to the FTP RFC, a PASS command requires an argument, so the server technically does not need to accept it, but it should probably not violate the protocol in response.
Fetch 4.0.3 assumes that a PASS command with no arguments is a valid way to test if the server requires a password to complete the login; as a result, this recent change in server completely breaks interoperability with Fetch 4.0.3.
8/24/2004 15:50:38 www Client added Web Entry
Correction: GSSAPI works fine. Only KClient FTP login is broken.
8/25/2004 13:48:19 agnepp Closed Case
8/25/2004 13:49:41 daemon Email Received
Date: Wed, 25 Aug 2004 13:45:44 -0400
To: MEEROH@MIT.EDU
From: Computing Helpdesk <computing-help@MIT.EDU>
Cc: computing-help@MIT.EDU
Subject: case 647469 (Fetch and GSSAPI)
Hello Miroslav, this is regarding your problems with Fetch and Kerberos.
KClient should not work in Fetch as that uses Kerberos v4 tickets which
have been disabled for FTP because they are not as secure as the v5 tickets
which the GSSAPI protocol uses. So that explains the behavior you are
experiencing.
Please let us know if you have further questions.
If you do, please respond to this email or call us at x3-1101 and reference
your case number 647469
Regards,
Ari
MIT Computing Help Desk
http//web.mit.edu/helpdesk
Important notice:
If you are a Windows user, be advised that the best way to avoid having
your machine's security compromised is to periodically
check for updates at http//windowsupdate.microsoft.com and
http//officeupdate.microsoft.com Please download and install
the latest security updates if needed.
Mac Help mac-help@mit.edu 617-253-1101
PC Help pc-help@mit.edu 617-253-1102
Other Help computing-help@mit.edu 617-253-1101 or 253-1102
View or update your case at http//casetracker.mit.edu (requires MIT
certificates).
Quick answers to a number of common MIT-related computing questions can be
found at http//hdstock.mit.edu/stockanswers
8/25/2004 13:52:54 daemon Reopened Case
Case re-opened.
8/25/2004 13:52:54 daemon Email Received
Date: Wed, 25 Aug 2004 13:52:37 -0400
To: Computing Helpdesk <computing-help@MIT.EDU>
From: =?ISO-8859-2?Q?Miro_Juri=B9i=E6?= <meeroh@MIT.EDU>
Cc:
Subject: Re: case 647469 (Fetch and GSSAPI)
> KClient should not work in Fetch as that uses Kerberos v4 tickets
> which have been disabled for FTP because they are not as secure as the
> v5 tickets which the GSSAPI protocol uses. So that explains the
> behavior you are experiencing.
It does not explain anything. They are not disabled. I can ftp using
athena ftp with Kerberos v4 tickets just fine:
meeroh@mass-toolpike:~% kdestroy
meeroh@mass-toolpike:~% kinit -4
meeroh@mass-toolpike:~% ftp ftp.dialup.mit.edu
Connected to mass-toolpike.mit.edu.
220 mass-toolpike.mit.edu FTP server (Version 5.60) ready.
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 authentication succeeded
200 Data channel protection level set to private.
Name (ftp.dialup.mit.edu:meeroh):
331 Kerberos user meeroh@ATHENA.MIT.EDU is authorized as meeroh;
Password required.
Password:
230 User meeroh logged in.
meeroh
--
<http://web.meeroh.org/> | KB1FMP
"Clue meter is reading zero." -- Alice
8/25/2004 17:00:27 jwl Sent Email to Client
Hi, Miro:
I'm forwarding this case you submitted to the Help Desk to the list:
bugs@mit.edu
This is the Athena bugs list (for an archive of posts to that list, see:
http://mailman.mit.edu/mailman/listinfo/bugs). This should get the attention you need from the server admins for ftp.dialup.mit.edu.
Best to you,
Joanne L.
