HP3000-L Archives

March 1997, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: ftp and session passwords
From:
Tracy Johnson <[log in to unmask]>
Reply To:
Tracy Johnson <[log in to unmask]>
Date:
Sun, 16 Mar 1997 21:48:31 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (88 lines) 
Actually all the below is a plus for me.  Since I have to configure a user
in SECURITY/3000 to be able to login WITHOUT a session name to FTP.

The window for FTP is open only as long as this user is configured in.
 After my FTP is over, I deconfigure the user in SECURITY/3000.

----------
From:   Joe Geiser[SMTP:[log in to unmask]]
Sent:   Sunday, March 16, 1997 7:28 PM
To:     [log in to unmask]
Subject:        Re: ftp and session passwords

FTP under MPE uses the same authentication as other processes during logon
and creates a session after authentication is successful.

Again, here's how it goes:

HP FTP was developed under Unix.  Unix uses only a Username and a Password
to log onto the system.  This is not the same as MPE, of course.  In order
to keep HP FTP as close to it's source as possible, there needed to be
some way to handle the "Username/Password" authentication scheme.

The Username is the USER.ACCOUNT string.  The Password is the
"UPASS,APASS" string (yes, a comma is the delimiter).  These two strings
are parsed and assembled into a proper HP3000 logon and authenticated.

There was no provision made for session name, unfortunately.  HP should
consider this for future enhancement for the very reason that
SECURITY/3000 and other packages are being used.  Either that, or VESOFT
and the other vendors need to start looking at which port (socket) the
"session" is coming in on, if at all possible - which it may not be,
because the "session" becomes a VT session.  Guess what else is not
supported?  Try to specify a Group and Group Password, which is also a
proper part of a logon string.  Most sites use home groups, therefore,
this is not used much, but it is part of the logon string, and not
supported under HP FTP.

So basically kids, HP FTP is out if you use a security package (except
HP's, I think), until someone enhances something to let it happen.  This
could also be the case with other Internet utilities (ie: inetd) which
were released under 5.5 (Guess I have to test this, unless someone else
has...).  One might look at 3K's FTP --- which I do believe supports this
(Chris?  Time to chime in with a <plug></plug>)

Best regards,
Joe
----------------------------------------------------------------------
Joe Geiser
CSI Business Solutions
140 Bristol-Oxford Valley Road, Suite 102
Langhorne, PA 19047-3083
Toll Free (US/Canada): (888) 956-9812
[log in to unmask] (at work)
[log in to unmask] (at play)
----------------------------------------------------------------------

----------
> From: Tracy Johnson <[log in to unmask]>
> To: [log in to unmask]
> Subject: Re: ftp and session passwords
> Date: Sunday, March 16, 1997 12:56 PM
>
> I tested it online, apparently you cannot embed passwords when you've
set
> up Security/3000 to require session names.  I get "Expected Account
Name"
> instead.
>
> Although I'm not sure at this point it is Security 3000 fighting back,
or
> is it because the session name I used plus the session name password is
> greater than 8 chars combined.
>
> I also tested it with WRQ's FTP.  It times out with a winsock error.
>
> <From Paul Gobes>
>
> It's time to try WRQ's ftp client. For username you need to supply the
> session password. e.g.
>
>             Server Name:    poopsie
>             Username   :    paul/sesspass,manager.sys
>             Password   :   < user password if any >
>
> The only downside is that after connecting, your session password is
> visibly
> still part of your displayed username.

ATOM RSS1 RSS2