WU-FTPD 2.6.1 release notes (5900-1547, January 2011)
Table Of Contents
- WU-FTPD 2.6.1 release notes
- Contents
- 1 WU-FTPD 2.6.1 Release Notes
- Announcement
- What Is In This Version
- WU-FTPD 2.6.1 Features
- Support for TLS/SSL
- Cryptography Algorithm
- Prerequisites for Configuring the TLS/SSL Feature
- Certificates and Authorities
- Generating Certificates and Keys Using OpenSSL 0.9.7m
- Configuring a WU-FTPD TLS Server and an FTP Client
- Configuring an FTP Server in a TLS/SSL Environment
- Configuring an FTP Client in a TLS/SSL Environment
- Basic Configuration for Secured File Transfer
- Virtual FTP Support
- Setting up Virtual FTP Support
- Support for Virtual FTP
- Without ftpservers (4) File
- Usage
- The virtual address allow usernameand virtual address deny username directives
- The virtual address private directive
- The virtual address root path and virtual address banner path directives
- The virtual address logfile path directive
- The virtual address hostname string directive
- The virtual address root path and virtual address email string directives
- The virtual address incmail emailaddress directive
- The virtual address mailfrom emailaddress directive
- Usage
- With ftpservers(4) File
- Usage
- The virtual address allow username and virtual address deny username directives
- The virtual address private directive
- The root path directive
- The banner path directive
- The logfile path directive
- The hostname some.host.name directive
- The email emailaddress directive
- The incmail emailaddress directive
- The mailfrom emailaddress directive
- Usage
- Without ftpservers (4) File
- Setting up a Virtual FTP Server
- The privatepw Utility
- New Clauses in the /etc/ftpd/ftpaccess File
- Enabling the Identification Protocol (RFC 1413)
- New Feature Related to Data Transfer
- Field Added to the /var/adm/syslog/xferlog File
- Command-Line Options
- IPv6 Support
- HP-Specific Features
- Other Features
- Support for TLS/SSL
- Changed and Removed Features
- Compatibility and Installation Information
- Known Problems and Limitations
- Related Information
- Defects Fixed in This Release
keys to authenticate the server and, if required, the client, and to provide session-level
encryption and confidentiality for the entire session.
• Hash algorithms. These algorithms are a set of one-way functions that accept a
variable length input, and, after mathematical processing, produce a fixed length
output. The transformations of the data produce a fingerprint of the input. The minor
changes to the input appear as large changes in the output. Popular hash algorithms
include SHA-1, MD5, and RIPEMD.
Hash algorithms are used for integrity checking; that is, to ensure that data is not
tampered during transmission.
Prerequisites for Configuring the TLS/SSL Feature
Following are the prerequisites for configuring the TLS/SSL feature:
• The OpenSSL software
OpenSSL is an open source product that offers a general purpose cryptography
library and implementation of the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols. OpenSSL is tested and supported on different
HP-UX operating systems. OpenSSL A.00.09.07m is the latest version of OpenSSL
available on the HP-UX 11i v2 operating system. It is available to download at:
http://www.software.hp.com
The release notes for OpenSSL A.00.09.07m is available at:
www.hp.com/go/hpux-security-docs. On this page, select HP-UX OpenSSL Software.
• The WU-FTPD 2.6.1 TLS enhancement bundle
The FTP-TLS enhancement bundle, ftp-ssl-ncf, contains TLS enhancement libraries
for the FTP client and server. The ftp(1) client and the ftpd(1M) server use these
enhancement libraries with OpenSSL to perform security operations.
Certificates and Authorities
A certificate is a collection of information that uniquely identifies a client or a server. It
includes descriptive fields, such as the name of an organization and its location, and
cryptographic information, such as keys and signatures.
The private key of an asymmetrical key pair can be used to sign the content that, when
decrypted using the public key, establishes the signature. This signature can be used to
offer proof of identity. The public key infrastructure (PKI) uses a hierarchy of trustworthiness
for the validation of identities, in addition to signing certificates and keys. This is in
contrast to the web of trust used in pretty good protection (PGP), which has no central
authority.
The central authority in a PKI issues a Certificate Authority (CA), a definitive certificate
that contains the information and the public key of the server. This CA can be used to
8 WU-FTPD 2.6.1 Release Notes