home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.20000217-20000824
/
000216_news@columbia.edu _Sun Apr 23 01:36:31 2000.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
5KB
Return-Path: <news@columbia.edu>
Received: from watsun.cc.columbia.edu (watsun.cc.columbia.edu [128.59.39.2])
by fozimane.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id BAA23857
for <kermit.misc@cpunix.cc.columbia.edu>; Sun, 23 Apr 2000 01:36:30 -0400 (EDT)
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by watsun.cc.columbia.edu (8.8.5/8.8.5) with ESMTP id BAA15954
for <kermit.misc@watsun.cc.columbia.edu>; Sun, 23 Apr 2000 01:36:30 -0400 (EDT)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id BAA06640
for kermit.misc@watsun.cc.columbia.edu; Sun, 23 Apr 2000 01:15:43 -0400 (EDT)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: jaltman@columbia.edu (Jeffrey Altman)
Subject: Re: Request for Beta Testers: Internet Kermit Service for Windows
Date: 23 Apr 2000 05:15:39 GMT
Organization: Columbia University
Message-ID: <8du0tr$6fe$1@newsmaster.cc.columbia.edu>
To: kermit.misc@columbia.edu
In article <39023EEB.3814C331@eracc.bizland.com>,
ERA <gene@eracc.bi_z_land.com> wrote:
:
: Would it be possible to use a TRUSERS file like I use to run my Warp
: 4 FTPD? I can restrict access to directories with it and that's all I
: would really need to do with IKSD isn't it?
A TRUSERS file only works because FTPD has been written to enforce the
restrictions internally since the operating system is not capable
of it. Kermit does not have code to do this and writing it is a
non-trivial project which must be done extremely carefully to ensure
that serious security holes are not opened. Kermit is close to
150,000 lines of code at this point. That is a lot of code to have
to examine when attempting to add a feature like this.
: FWIW, I'd rather run an
: IKSD than FTPD 'cause my connection is only a 56k and clients have
: no way to resume a failed DL with FTPD but could with IKSD...
: ...and since when has Windows 95/98 had a real authentication type
: login service out of the box?
95/98 provide username and passwords "out of the box" plus the
ability to authenticate to a Domain server. Access to the system
after authentication is unlimited. Requiring user logins to the
system requires the setting of a registry entry.
: I would really like to know as I've not
: been able to discover anything on my client's Windows systems that
: can do this. If you're only talking NT or 2K I'll concede as I know
: NT uses authentication and I have no clue about 2K.
NT and 2000 provide local machine and domain user identities
including a full implementation of Access Control Lists (ACLs)
for all files, directories, and network services. Kermit 95
is able to also perform authentication using Kerberos 4, Kerberos 5,
Secure Remote Password, or X.509 certificates. After authentication
is performed K95 can load the appropriate user profiles, environment
blocks, and generate the necessary tokens to provide the IKS with
the authenticated user's privileges.
: Further, can we use a hostmode for internet access? If so I'd very
: much appreciate pointers on how to set this up! It could be used in
: place of IKSD if needed although I'd really prefer running a daemon.
You can use HOSTMODE for remote TCP/IP and serial dialup access. The
documentation is in the Kermit 95 online HTML manual. You install
k2dc.exe
as a subprocess under IBM TCP/IP's INETD.EXE process. As for the
desire to run a daemon, a daemon is simply a process that accepts
incoming TCP/IP connections. You have had this functionality since
the very first release of Kermit 95 for OS/2.
: Bottom line is I have OS/2, it's my main system for internet shared
: connections for my LAN and IKSD for OS/2 would be "most cool"! If I
: could figure out how to forward outside requests using NAT via Injoy
: Pro to our UnixWare 7.1 server then I would not need this and could
: just run IKSD on UW7 (which I plan to do for internal use anyway).
If OS/2 provided the necessary services, implementing IKS for OS/2
would be a trivial exercise. But it does not. In order to implement
a functional IKS for OS/2 not only would I need the ability to
provide end user logins (which I already have in the form of Secure
Remote Password protocol and X.509 certificates) but I would need
some method for enforcing file and directory access privileges. Since
this does not exist in OS/2, there is no IKS for OS/2.
Hostmode does provide the necessary directory access restrictions
based upon username and password and is user customizable since it is
entirely written in Kermit Script.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * kermit-support@kermit-project.org