Thank you for this James.
What version of FTP will these wonderful new things be available in? We are
running 6.5 and "passive" is an invalid command.
Thanks,
Tony White
Ent Federal Credit Union
-----Original Message-----
From: HOFMEISTER,JAMES (HP-USA,ex1) [mailto:[log in to unmask]]
Sent: Monday, April 09, 2001 8:33 AM
To: [log in to unmask]
Subject: [HP3000-L] FTPDOC.ARPA.SYS new stuff (long)
Hello Folks @ 3000-l,
Re: FTPDOC.ARPA.SYS new stuff (long)
This is the unattached attachment which includes "new" FTP
documentation in FTPDOC.ARPA.SYS.
I thought it would be useful to send this info out since it answers
many many questions to the 3000-L and it would be helpful to have it
included in the archives.
************************************************************************
SITE STREAM command:
************************************************************************
The "SITE STREAM" command is an enhancement added to the FTP Server
"FTPSRVR" to support the execution "STREAM" of a MPE batch job file from
a FTP client which has already established a connection to the HP e3000.
Syntax:
SITE STREAM
The "SITE STREAM" file-name value is a MPE file name. The file name is
assumed to be a valid MPE job stream file and the MPE command ":STREAM
" is executed against this file. The return value from this
command is "200 STREAM command ok." or in the case of an error executing
this command a "550" error with an appropriate MPE error message text is
returned.
Note: The MPE job number or the MPE job execution output is not returned
to FTP.
************************************************************************
NETRC file:
************************************************************************
The "NETRC" file is an enhancement added to the FTP Client to support an
automated logon to a remote host.
Syntax:
machine ["]machine_name["] login ["]user["] password ["]passwd["]
or
default login ["]user["] password ["]passwd["]
Example:
machine "HPSYS" login "MANAGER.SYS" password "USERPASS,ACCTPASS"
or
default login "MGR.TELESUP" password "USERPASS,ACCTPASS"
The file is called "NETRC.. File equations can be used.
Syntax:
:file NETRC.=NETRC..
Note: The format of the NETRC. file has the following rules:
a. This file can be created and edited with a supported editor.
b. The syntax for each line of the file is:
machine ["]machine_name["] login ["]user["] password ["]passwd["]
or
default login ["]user["] password ["]passwd["]
c. There should be at most one "default" entry per file.
d. Each of the tokens "machine", "login", "password" and "default"
must match exactly, and must be in lower-case.
e. Each token must be separated by any number of SPACE or TAB characters.
f. Each identifier may be encapsulated by double-quotes,
i.e. e.g.,
machine "HPSYS" login "MGR.TELESUP" password "USERPASS,ACCTPASS"
and
machine HPSYS login MGR.TELESUP password USERPASS,ACCTPASS
are equivalent. This feature would be useful when a space is
embedded as part of a password, for example.
Note: unencrypted passwords stored in a file like this constitute a
security risk. If this is a problem, try the following command:
:altsec NETRC..;access=(r,w,a,l,x:cr)
If this is still a problem, don't use a NETRC file! It is
provided for usability, but its use is by no means required.
************************************************************************
PASSIVE command:
************************************************************************
The "PASSIVE" command is an enhancement added to the FTP Client to
support third-party transfers. This is an important implementation for
sites using "firewall" technology, securing access from users or systems
external to their local "Intranet". The support for passive has also
been implemented in the FTP Server "FTPSRVR".
The default mode for FTP is "ACTIVE" mode and with the "DEBUG" command
used you can see the FTP Client sends the following port command:
ftp> get /SYS/ARPA/OLDPARMS OLDPARMS
---> PORT 15,44,48,51,240,196
The FTP Client now sends the file:
---> RETR /SYS/ARPA/OLDPARMS
When specifying the "PASSIVE" command, The FTP Client is now in
"PASSIVE" mode and with the "DEBUG" command used you can see the FTP
Client now sends the "PASV" command instead of the "PORT" command and
waits for the SERVER to reply with the Data IP address and Ports.
ftp> passive
Passive mode is on.
ftp> get /SYS/ARPA/OLDPARMS OLDPARMS
---> PASV
The FTP Server responds with the reply:
227 Entering Passive Mode (15,70,188,86,251,223).
The FTP Client now sends the file:
---> RETR /SYS/ARPA/OLDPARMS
************************************************************************
PASSWORD option
************************************************************************
The "PASSWORD = ON" SETPARMS.ARPA.SYS configuration option is a security
enhancement added to the FTP Server "FTPSRVR" to support the ability to
restrict the establishment of FTP connections to MPE USER.ACCOUNT's
where at least "one" password (a "USER" password or an "ACCOUNT"
password) must exist.
The system default for this enhancement is "PASSWORD = OFF". This
option can be enabled by adding the line "PASSWORD = ON" to the file
SETPARMS.ARPA.SYS with a supported text EDITOR.
When the SETPARMS.ARPA.SYS file is configured with the "PASSWORD = ON"
option, the FTP Server "FTPSRVR" will reject any attempt to establish
an inbound FTP client connection to the HP e3000 for MPE USER.ACCOUNT's
which do not have at least one MPE logon password.
The FTP Client will see the following error message:
530 User log on unsuccessful
If FTP Console Logging is enabled, the FTP Server will generate the
following error message to the console:
0:40/#J93/62/FTP INVALID PASSWORD For: "USER.ACCOUNT,PUB" IP=127.0.0.1
************************************************************************
CONSOLE_LOGGING option
************************************************************************
The "CONSOLE_LOGGING = ON" SETPARMS.ARPA.SYS configuration option is a
security enhancement added to the FTP Server "FTPSRVR" to support the
"logging" of MPE session logon attempts (success and failure) on inbound
FTP connections to the HP e3000 system. These messages are logged on
the system console as well as to the MPE system logfiles.
The system default for this enhancement is "CONSOLE_LOGGING = ON". This
option can be disabled by adding the line "CONSOLE_LOGGING = OFF" to the
file SETPARMS.ARPA.SYS with a supported text EDITOR.
The following types of messages will be logged to the HP e3000 system
console as well as to the MPE system logfiles:
1:27/#J93/75/FTP OPEN For: "MANAGER.SYS,PUB" IP=127.0.0.1
0:40/#J93/62/FTP INVALID LOGON For: "INVLUSER.SYS" IP=127.0.0.1
0:40/#J93/62/FTP INVALID PASSWORD For: "MANAGER.SYS,PUB" IP=127.0.0.1
1:35/#J93/75/FTP CLOSE IP=127.0.0.1
************************************************************************
Configuration rules for SETPARMS.ARPA.SYS file
************************************************************************
The following configuration rules apply to the SETPARMS.ARPA.SYS file
POSIX = {ON/OFF}
PASSWORD = {ON/OFF}
CONSOLE_LOGGING = {ON/OFF}
Note: The format of the SETPARMS.ARPA.SYS file has the following rules:
a. This file can be created and edited with a supported editor.
b. Upper/Lower case letters can be used.
c. Blank spaces are not a problem.
d. The parameters can be entered in the file in any order.
e. Only the following keywords are allowed:
POSIX
PASSWORD
CONSOLE_LOGGING
f. By default if these keywords are not in SETPARMS.ARPA.SYS or if the
SETPARMS.ARPA.SYS file does not exist the following are the defaults:
console_logging = on
password = off
posix = off
----------
Regards,
James Hofmeister
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employers.
* To join/leave the list, search archives, change list settings, etc *
* please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, etc *
* please visit http://raven.utc.edu/archives/hp3000-l.html *
|