home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
kermit.columbia.edu
/
kermit.columbia.edu.tar
/
kermit.columbia.edu
/
newsgroups
/
misc.20021006-20030409
/
000361_jaltman2@nyc.rr.com_Wed Mar 5 09:09:56 EST 2003.msg
< prev
next >
Wrap
Text File
|
2003-04-08
|
3KB
|
61 lines
Article: 14157 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!phl-feed.news.verio.net!iad-feed.news.verio.net!iad-peer.news.verio.net!news.verio.net!news.maxwell.syr.edu!newsfeed-east.nntpserver.com!nntpserver.com!news-west.rr.com!news-server.columbus.rr.com!cyclone.rdc-nyc.rr.com!news-out.nyc.rr.com!twister.nyc.rr.com.POSTED!not-for-mail
From: "Jeffrey Altman [Road Runner NYC]" <jaltman2@nyc.rr.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030210
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.protocols.kermit.misc
Subject: Re: TLS HowTo Telnet/FTP
References: <f53f8c5c.0303041213.45f6bbe7@posting.google.com>
In-Reply-To: <f53f8c5c.0303041213.45f6bbe7@posting.google.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 38
Message-ID: <%_f9a.69872$ma2.18421108@twister.nyc.rr.com>
Date: Wed, 05 Mar 2003 05:33:47 GMT
NNTP-Posting-Host: 66.108.138.151
X-Complaints-To: abuse@rr.com
X-Trace: twister.nyc.rr.com 1046842427 66.108.138.151 (Wed, 05 Mar 2003 00:33:47 EST)
NNTP-Posting-Date: Wed, 05 Mar 2003 00:33:47 EST
Organization: Road Runner - NYC
Xref: newsmaster.cc.columbia.edu comp.protocols.kermit.misc:14157
IKSD does not support FTP protocol. IKSD support Telnet protocol.
From security.html:
When Kermit is acting as an Internet Kermit Service daemon (IKSD),
client certificates can be used for automatic login. If a
certificate-to-userid mapping function is provided, the IKSD logs the
user in automatically if the certificate is verified and the specified
userid exists. Kermit also supports the use of a ".tlslogin" file that
allows a certificate to be used to login automatically to an account
without a certificate-to-userid mapping function. When Kermit receives a
username via the Telnet New-Environment variable after it has received
and verified a client certificate, it looks in the home directory
corresponding to the username for a file called ".tlslogin". If the file
contains the certificate presented by the client, the client is logged
in as the requested user without a password. See Appendix III for
information on certificate to user mapping.
You simply copy the client's certificate into the .tlslogin file. The
certificate must be verified which means that you must have signed the
certificate by a certificate authority and the certificate authority
certificate must be installed for use by OpenSSL.
Curtis Steward wrote:
> Anyone have a HowTo or step-by-step for TLS Authentication on both
> the client and server side (FTP or Telnet) using IKSD?
>
> The http://www.columbia.edu/kermit/security80.html URL just doesn't
> cut it. The Cert Mapping is another story, I'll take anything at this
> point, but I'd prefer the entire certificate mapped which I understand
> I should be able to do via ~/.tlslogin.
>
> TIA,
>
> cs