WU-FTPD 2.6.1 release notes (5900-1547, January 2011)
Table Of Contents
- WU-FTPD 2.6.1 release notes
- Contents
- 1 WU-FTPD 2.6.1 Release Notes
- Announcement
- What Is In This Version
- WU-FTPD 2.6.1 Features
- Support for TLS/SSL
- Cryptography Algorithm
- Prerequisites for Configuring the TLS/SSL Feature
- Certificates and Authorities
- Generating Certificates and Keys Using OpenSSL 0.9.7m
- Configuring a WU-FTPD TLS Server and an FTP Client
- Configuring an FTP Server in a TLS/SSL Environment
- Configuring an FTP Client in a TLS/SSL Environment
- Basic Configuration for Secured File Transfer
- Virtual FTP Support
- Setting up Virtual FTP Support
- Support for Virtual FTP
- Without ftpservers (4) File
- Usage
- The virtual address allow usernameand virtual address deny username directives
- The virtual address private directive
- The virtual address root path and virtual address banner path directives
- The virtual address logfile path directive
- The virtual address hostname string directive
- The virtual address root path and virtual address email string directives
- The virtual address incmail emailaddress directive
- The virtual address mailfrom emailaddress directive
- Usage
- With ftpservers(4) File
- Usage
- The virtual address allow username and virtual address deny username directives
- The virtual address private directive
- The root path directive
- The banner path directive
- The logfile path directive
- The hostname some.host.name directive
- The email emailaddress directive
- The incmail emailaddress directive
- The mailfrom emailaddress directive
- Usage
- Without ftpservers (4) File
- Setting up a Virtual FTP Server
- The privatepw Utility
- New Clauses in the /etc/ftpd/ftpaccess File
- Enabling the Identification Protocol (RFC 1413)
- New Feature Related to Data Transfer
- Field Added to the /var/adm/syslog/xferlog File
- Command-Line Options
- IPv6 Support
- HP-Specific Features
- Other Features
- Support for TLS/SSL
- Changed and Removed Features
- Compatibility and Installation Information
- Known Problems and Limitations
- Related Information
- Defects Fixed in This Release
sign other certificates, by signing the public key of a requesting body, such as your
server, with the private key. The trust in identity is transitive, because the CA is recognized
by all the involved parties as authoritative: "I trust the CA, and the CA says that it is you,
so it must be true."
Certificates can be revoked because of expiration or compromise in security. To do this,
the issuing body provides a certificate revocation list (CRL) that identifies the certificates
to be invalidated. This is also trusted because strong proof is provided through the trust
mechanisms.
Certificates are available in different formats, though Privacy Enhanced Mail (PEM) is
the most widely used format. The PEM encoding is an ASCII text representation of the
binary data in the ASN.1 format. The X.509 standard defines the distinguished name
(DN) format used in these certificates.
A certificate contains the following information that accompanies the cryptographic keys:
• Common name (CN) being certified
• Organization (O) associated
• Organizational unit (OU), such as a department within an organization
• City or location (L) where an organization is located
• State or province (SP) where the city is located
• Country (C) in the International Organization for Standardization (ISO) format (such
as U.S.)
The DN is a combination of the different certificate information. The PEM-encoded
certificate contains this information along with the DN of the issuer, the validity period
of the certificate, various administration information, such as a serial number of the
certificate, and any other required information, such as Netscape-specific tags. These
certificates are used to establish the identity and trustworthiness of the presenter, such
as a server or a client. These certificates are also used to authenticate the connecting
party and to take appropriate action, such as allowing a connection to proceed, and
mail relaying, or entry into a network. You can either use the commercial TLS/SSL
certificates (certs) to verify the identity of the WU-FTPD 2.6.1 server, or create your own
certificates for the WU-FTPD 2.6.1 servers.
Generating Certificates and Keys Using OpenSSL 0.9.7m
The FTP client in an HP-UX operating system (HP-UX FTP) is compatible only with standard
X.509 certificates in PEM format. HP-UX FTP supports certificates of the following
encryption types:
• Rivest Shamir Adleman (RSA) encryption
• Digital Signature Algorithm (DSA) encryption
WU-FTPD 2.6.1 Features 9