Setup guide
10. Set Detail: to at least medium so that authentication failures are
logged.
11. Click the Advanced tab.
12. Under Services, uncheck Workgroup Master Browser and Domain Master
Browser unless these services are operationally required.
13. Select Off for WINS registration.
4.10.3.5 Configuring the FTP Server
If authentication of users is possible, the SFTP portion of the SSH protocol should be
used instead of the FTP server to securely transmit files to and from the server. See
the Remote Login section for information on configuring SSH.
FTP is only acceptable if its anonymous access feature is required, which allows
unauthenticated clients to download files. The files are transferred unencrypted over
the network and no authentication is performed. Although the transfer does not
guarantee confidentiality or integrity to the recipient, it may be appropriate in some
cases. If this capability is not strictly required, it should be disabled.
To configure the FTP Server to provide anonymous FTP downloads if
operationally required:
1. Open Server Admin.
2. Select FTP under the Server's name.
3. Click the Settings button at the bottom of the window. The General
settings tab should appear.
4. In the General section, enter 1 in the text field to Disconnect client after 1
login failures. Even though we will not accept authenticated connections,
logins should fail quickly if authentication is accidentally activated.
5. Enter an e-mail address specially set up to handle FTP administration, e.g.
ftpadmin@hostname.
6. Under Access, select Kerberos for Authentication. If a Kerberos server is
not set up, that will also effectively block the authentication process.
7. Allow a maximum of 1 authenticated user; the GUI does not allow setting
this to 0. (We will later disable any authenticated users.)
8. Check the box to Enable anonymous access.
9. Determine a maximum number of anonymous users and enter the number
into the text field.
10. Uncheck the box for Enable MacBinary and disk image auto-conversion.
11. Click on the Messages tab.
12. Check the box for “Show Welcome Message” and enter a welcome message
in accordance with site policy.
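The following check is an added example, not part of the original guide: it connects to the FTP service and reports whether anonymous login works, whether a named login is refused, and whether the client is disconnected after one failed login. The function names, the probe account and its password are constructed for illustration; that the welcome message appears in the login reply is an assumption.

```python
import ftplib
import sys

def _attempt(host, port, user, password, timeout):
    """Try one login. Returns (reply_text, logged_in, dropped_after_failure)."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    reply, logged_in, dropped = "", False, False
    try:
        reply = ftp.login(user, password)    # text of the final login reply
        logged_in = True
    except ftplib.all_errors as exc:         # refused, or connection closed
        reply = str(exc)
        try:
            ftp.voidcmd("NOOP")              # is the control channel still open?
        except (EOFError, OSError, ftplib.error_temp):
            dropped = True                   # closed, timed out, or 4xx reply
        except ftplib.Error:
            pass                             # server answered: still connected
    finally:
        ftp.close()
    return reply, logged_in, dropped

def check_ftp_hardening(host, port=21, probe_user="audit-probe",
                        probe_password="constructed-not-a-real-secret",
                        timeout=5.0):
    """Report the login behaviour the settings above are meant to produce.

    The probe credentials are throwaway values because FTP sends them in
    cleartext. A refusal shows only that this unknown account is rejected;
    it does not prove that real accounts cannot authenticate.
    """
    anon_reply, anon_ok, _ = _attempt(host, port, "anonymous",
                                      "ftpadmin@hostname", timeout)
    _, named_ok, dropped = _attempt(host, port, probe_user,
                                    probe_password, timeout)
    return {
        "anonymous_login": anon_ok,        # expected True (step 8)
        "login_reply": anon_reply,         # assumed to carry the welcome text
        "named_login": named_ok,           # expected False
        "dropped_after_failure": dropped,  # expected True (step 4)
    }

if __name__ == "__main__" and len(sys.argv) > 1:
    for key, value in check_ftp_hardening(sys.argv[1]).items():
        print(f"{key}: {value!r}")
```

Run it from a separate host on the same network segment the anonymous clients will use, so that any firewall rules in front of the server are exercised as well.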
UNCLASSIFIED