WU-FTPD 2.6.1 release notes (5900-1547, January 2011)

NOTE: By default, the CA.pl script requests a password to protect the private
keys. If you are protecting the password with a PEM passphrase, enable the ftpd
-z password=value option and set the appropriate password.
Configuring a WU-FTPD TLS Server and an FTP Client
This section addresses the following topics:
• “Configuring an FTP Server in a TLS/SSL Environment” (page 14)
• “Configuring an FTP Client in a TLS/SSL Environment” (page 15)
Consider the following points before configuring an FTP TLS server and an FTP client:
• You cannot use the TLS security mechanism to secure third-party file transfers
  (PROXY transfer).
• The TLS security mechanism does not use the TCP sendfile() API to transfer data
  contents. Therefore, even if the sendfile() API is configured, the TLS security
  mechanism overrides the configuration.
• The usetls, rsacert, rsakey, and CAfile options are the minimum set of
  configuration flags or options that must be enabled to secure the FTP control
  connection using TLS. This is also the minimum configuration that is sufficient
  for a user to log in from an FTP client, provided the certificate sent by the FTP
  client is successfully verified by the CA certificate loaded by the FTP server.
• If both the TLS/SSL and Kerberos security features are enabled in FTP, the TLS/SSL
  feature takes precedence over the Kerberos feature during logon. Therefore, the
  user is prompted for the username and password even though Kerberos is enabled
  in the system.
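
The conditions behind the minimum-configuration point above can be checked before ftpd is started. The following is an added example, not part of these release notes or of the WU-FTPD distribution: it confirms that a private key belongs to its certificate and that a client certificate verifies against a CA file, using standard openssl commands. The function names, file names and the throwaway CA are assumptions made for illustration; the key is assumed to be stored without a passphrase.

```sh
#!/bin/sh
# Added example: pre-flight checks for the files that rsacert, rsakey and
# CAfile point to. Paths are arguments; ftpd's own configuration is not read.

# True when the RSA private key belongs to the certificate (same public key).
# Assumes the key is not passphrase-protected.
key_matches_cert() {  # $1 = certificate (PEM), $2 = private key (PEM)
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate chains to a CA in the given CA file.
cert_verifies() {  # $1 = CA file (PEM), $2 = certificate (PEM)
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || return 1
    case $out in *": OK") return 0 ;; *) return 1 ;; esac
}

# Constructed test material: a throwaway CA, a certificate it signs, and an
# unrelated self-signed certificate that the CA must not vouch for.
make_fixture() {  # $1 = existing scratch directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-other" \
        -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
}

# Report on one deployment: server certificate, server key, CA file, and a
# client certificate that is expected to log in.
preflight() {  # $1 = rsacert file, $2 = rsakey file, $3 = CAfile, $4 = client cert
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_verifies "$3" "$4"    || { echo "FAIL: client certificate not issued by CA file"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key pair consistent, client certificate verifies"
    return "$rc"
}

# Run against real files when four paths are given on the command line.
if [ "$#" -eq 4 ]; then preflight "$1" "$2" "$3" "$4"; fi
```

A failure of the second check corresponds to the case the text describes, where the client's certificate is not verified by the CA certificate the server has loaded.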
Configuring an FTP Server in a TLS/SSL Environment
To configure an FTP server in a TLS/SSL environment, complete the following steps:
1. Ensure that the OpenSSL software is installed in the system.
2. For the HP-UX 11i v2 operating system, the WU-FTPD 2.6.1 software bundle provides
the FTP product bundle and the SSL libraries as two independent products. So, ensure
that the ftp-ssl-ncf FTP TLS enhancement software is installed in the system. Run
the following command to ensure that the software is installed:
# swlist -l product | grep ftp-ssl-ncf
The following output is displayed if the software is installed in the system:
ftp-ssl-ncf B.11.23.01.001 ftp-ssl-ncf web release