How do you set up ftp and DCE?

How do you set up ftp and DCE?

Post by Thomas R. Stevens » Fri, 19 Jul 1996 04:00:00



We're running Solaris 2.4 and Transarc's DCE/DFS 1.1. We are also
running Cray's Unicos as a DCE client (I will explain later why I
mention the Cray).

We are having problems accessing DFS files when FTPing into a Solaris
2.4, Transarc DCE/DFS 1.1 client machine using a DCE id/password. I
assume the problem is that the ftpd daemon does not do a dce login to
log the user into both DCE and the unix machine, and thus no DCE
credentials are created.

The reason I mentioned the Cray above is that when we FTP into it
using a DCE id/password, we have full access to all of the DCE/DFS
files (the user would normally have access to), so the Cray version of
ftpd must create the DCE credentials that are missing from the
Sun/Transarc version of DCE.

Does anyone know if there is anything we can do to get ftpd to be able
to access DFS files when connceting into a Solaris 2.4, Transarc
DCE/DFS 1.1 client machine? Thanks!

--


      /   /_/  /_    VMail:     (313) 577-4742
     /.  /\.  __/.   Fax:       (313) 577-5626
                     Home Page: http://tom.cc.wayne.edu
                     Anon FTP:  ftp://tom.cc.wayne.edu

   For my PGP PUBLIC KEY BLOCK,

"A common mistake that people make when trying
 to design something completely foolproof was         Douglas Adams
 to underestimate the ingenuity of complete           Mostly Harmless
 fools."

 
 
 

How do you set up ftp and DCE?

Post by Brian Rei » Wed, 24 Jul 1996 04:00:00


Quote:

> We're running Solaris 2.4 and Transarc's DCE/DFS 1.1. We are also
> running Cray's Unicos as a DCE client (I will explain later why I
> mention the Cray).

> We are having problems accessing DFS files when FTPing into a Solaris
> 2.4, Transarc DCE/DFS 1.1 client machine using a DCE id/password. I
> assume the problem is that the ftpd daemon does not do a dce login to
> log the user into both DCE and the unix machine, and thus no DCE
> credentials are created.

Yes this is correct.  Unless the vendor has done something special to
their ftpd you will not get a DCE context.

Quote:

> The reason I mentioned the Cray above is that when we FTP into it
> using a DCE id/password, we have full access to all of the DCE/DFS
> files (the user would normally have access to), so the Cray version of
> ftpd must create the DCE credentials that are missing from the
> Sun/Transarc version of DCE.

Yes Cray's ftpd has additional code to setup a DCE context and set
a PAG for the user.  This allows a user to use ftp and still have access
to DFS files as a authenticated user.  This is all part of the
Integrated DCE login feature that CRI provides.

Quote:

> Does anyone know if there is anything we can do to get ftpd to be able
> to access DFS files when connceting into a Solaris 2.4, Transarc
> DCE/DFS 1.1 client machine? Thanks!

You might want to check into using MIT's Kerberos 5 beta 6 code along
with the work that the ESnet folks have been doing with respect to
kerberos and DCE.  I believe that you could get a Solaris ftpd from
this combination of code that would provide you with what you are
asking for.

I don't know of any off the shelf product that will provide you with this
feature for a Solaris box.

------------------------------------------------------------------------------
Brian Reitz                                     voice: (612) 683-5092

655F Lone Oak Drive
Eagan, MN, 55121, USA
------------------------------------------------------------------------------

 
 
 

How do you set up ftp and DCE?

Post by Jonathan Chini » Fri, 26 Jul 1996 04:00:00



> > Does anyone know if there is anything we can do to get ftpd to be able
> > to access DFS files when connceting into a Solaris 2.4, Transarc
> > DCE/DFS 1.1 client machine? Thanks!

> You might want to check into using MIT's Kerberos 5 beta 6 code along
> with the work that the ESnet folks have been doing with respect to
> kerberos and DCE.  I believe that you could get a Solaris ftpd from
> this combination of code that would provide you with what you are
> asking for.

> I don't know of any off the shelf product that will provide you with this
> feature for a Solaris box.

[Sorry for the adverti*t here]
Starting August 5th -- there will be one. It is called the DCE/Snare. It
enables *any* TCP/IP or legacy app using TCP and sockets to utilize the
full power of the DCE security framework *transparently*. In your specific
case, we will carry your DCE credentials from the client host through a
DCE RPC tunnel (encapsulating the ftp data) and deliver them to a DCE
proxy which can make your filesystem access for you. If the access is to a
plain Unix file -- it will be  protected by a DCE ACL that our proxy
maintains for non-DCE objects. If, on the other hand, it is an object that
does have a DCE ACL (i.e you want to interact with a DCE server on the
target machine) your DCE credentials will be fwd'ed so that you can make
use them on the server.

We will have a detailed white paper about our product on our web site next
week, and will be showing it at the Boston DCE conference in 10 days.
[end adverti*t]

-Jonathan