ftpd.1m (2010 09)
ftpd(1M) ftpd(1M)
AUTH SSL command. This flag is provided for clients that expect a 334
response for an AUTH SSL command. By default, this flag is not set.
certsok
Configures ftpd to NOT check the CA certificate and CRL for the certificate
presented by the FTP client. HP recommends not enabling this flag. This flag
is provided only for debugging purposes. By default, this flag is not set.
clientcert
Configures ftpd to force user authentication either through client certificates
or Kerberos authentication. This flag also enables the
authmode=client_must option. By default, this flag is not set.
logalldata
Configures ftpd to log the cipher information of all secured connections in
the syslog file. This flag can be used only if the -z debug option is set to
the value 2.
protect_user/tlsonly
Configures ftpd to accept the USER command only in a secured control
connection. If this flag is set, USER commands received on an unsecured or
clear connection are not processed. By default, this flag is not set.
tlsdata
Configures ftpd to disallow transmission of data on data connections that are
not protected by TLS. By default, this flag is not set.
usetls
Configures ftpd to support and enable TLS security mechanisms. By default,
this flag is not set.
-z option=value
Specifies the following TLS configuration options supported by ftpd. More than
one -z option can be specified on the command line.
CAfile=file
Specifies the file containing the Certificate Authority in PEM format. This file
is used to verify the client certificates. There is no default value for this
option.
CApath=dir
Specifies the directory containing CA certificates in PEM format and their
corresponding hashes. There is no default value for this option.
authmode=OPTION
Specifies whether ftpd should request the FTP client certificate during TLS
negotiation. The value of OPTION can be one of the following:
server       ftpd does not request the FTP client certificate. Therefore,
             only ftpd will send its certificate during TLS negotiation.
client_can   ftpd requests the FTP client certificate, and ftpd will
             continue if the FTP client certificate is not presented.
             client_can is the default value of OPTION.
client_must  ftpd requests the FTP client certificate, and the TLS
             negotiation will fail if the FTP client certificate is not
             presented.
cert/rsacert=file
Specifies the file in PEM format that contains the RSA certificate for ftpd.
The default value is /etc/ftpd/security/ftpd-rsa-cert.pem.
certpass=OPTION
Specifies more authentication options for a TLS session. This option affects
the behavior of the PASS command when the session is client authenticated.
The value of OPTION can be one of the following:
certok       ftpd will not request a password only if the certificate
             verification is successful.
             certok is the default value of OPTION.
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3
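The following check is an added example, not part of the HP-UX manual page or of ftpd itself: it reviews a set of the TLS flags and -z options described above and reports the combinations that leave a session unprotected or misconfigured. The function names and sample values are hypothetical. The flags are passed in as a list because the option that introduces them lies outside this section, and protect_user and tlsonly are assumed to be two names for the same flag.

```python
import shlex

def parse_z_options(cmdline):
    """Collect every '-z key=value' pair; several -z options may be given."""
    tokens = shlex.split(cmdline)
    opts = {}
    for flag, arg in zip(tokens, tokens[1:]):
        if flag == "-z" and "=" in arg:
            key, value = arg.split("=", 1)
            opts[key] = value
    return opts

def audit(flags, cmdline):
    """Return (name, message) findings for the settings described above."""
    flags, opts, out = set(flags), parse_z_options(cmdline), []
    if "usetls" not in flags:
        out.append(("usetls", "TLS security mechanisms are not enabled"))
    if "certsok" in flags:
        out.append(("certsok", "CA and CRL checks on client certificates are off"))
    if "tlsdata" not in flags:
        out.append(("tlsdata", "data connections without TLS are allowed"))
    # Assumption: protect_user and tlsonly are aliases for one flag.
    if not flags & {"protect_user", "tlsonly"}:
        out.append(("protect_user", "USER is processed on a clear control connection"))
    # clientcert also enables authmode=client_must; client_can is the default.
    authmode = "client_must" if "clientcert" in flags else opts.get("authmode", "client_can")
    # CAfile and CApath have no default, so a required client cert needs one of them.
    if authmode == "client_must" and not (opts.get("CAfile") or opts.get("CApath")):
        out.append(("CAfile", "client certificate required but no CAfile/CApath given"))
    if "logalldata" in flags and opts.get("debug") != "2":
        out.append(("logalldata", "can be used only when -z debug is set to 2"))
    return out

# Constructed sample input (not taken from a real system).
SAMPLE_CMDLINE = "ftpd -z authmode=client_must -z cert=/etc/ftpd/security/ftpd-rsa-cert.pem"
SAMPLE_FLAGS = ["usetls", "certsok", "logalldata"]

if __name__ == "__main__":
    for name, message in audit(SAMPLE_FLAGS, SAMPLE_CMDLINE):
        print(f"{name}: {message}")
```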