Date: | Thu, 9 Mar 2000 14:54:57 -0500 |
Content-Type: | text/plain |
Hello Friends,
RE: Creating an "FTP only" user
----------------------------------------Costas Anastassiades writes--
I wanted to set up a user just for FTP. The user will have a password
but since all FTP clients will logon using this user, the password
won't be the best kept one. So I didn't want the user to be able to
access the system prompt or execute any other command should someone
get clever and actually logon as a normal session.
This is what I came up with.
-create a new user with SF, IA and a specific HOME group
-assign him a UDC which has OPTION LOGON and NOBREAK and which PAUSES
for say 5 minutes (more than enough FTP time for my needs) and then
issues a BYE
----------------------------------------Costas Anastassiades writes--
Yes, this works without the pause... I never cease to be amazed by
the creative solutions and tricks I learn out here on 3000-L //:+)
--------------------------------------------------Tom Genute writes--
Note that I don't think this method will work with MPE/IX 6.0. FTP
doesn't create a session under 6.0 and can't even be trapped by
VESOFT's Security/3000. This has created a big security hole. The
only way to find out who is logged on to the FTP server is: LISTFILE
FTPSRVR.ARPA.SYS,8 (or ,9)
--------------------------------------------------Tom Genute writes--
Yes, this "UDC OPTION LOGON / BYE" method does work on MPE/iX 6.0 &
6.5. You still have to have a valid MPE logon user.account for
FTP/iX on 6.0 & 6.5. I tested and verified it works on my machines.
Another note: VESOFT was relying on an invalid MPE logon syntax that
supported their ability to "hook" into FTP on MPE/iX 5.5 and
previous. This stopped working when FTP/iX on 6.0 performed greater
syntax checking. The FTP/iX syntax checking has since been "relaxed"
on MPE/iX 6.0 to once again allow VESOFT the ability to hook their
security product into FTP. This change was the ability to specify a
PASSWORD on the SESSION name in a logon. Example:
    Hello YOURNAME/password,MANAGER.SYS
                  *********
This is invalid Syntax to MPE, but was the hook that
VESOFT was using on MPE/iX 5.5 and prior to pass a password into their
FTP security software.
This "relaxed" syntax checking is available in patch:
SR: 5003-458612
FROM: FTPFDH3 6.0 GENERAL RELEASE
Enhancement to USER command to allow session passwords for VESOFT.
I hope this helps.
Regards,
James Hofmeister
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employers.