Hi! On Tue, Nov 07, 2000 at 07:42:28PM -0500, Rob Cotrone wrote:
Thanks for the update.
I have another situation which is possibly a feature enhancement.
Our HP-UX server is going to be moving to our new data center. We were planning on using this proxy to forward the stragglers from the internet that have hard coded IP addressee instead of the host names within their scripts.
I'm not sure if you are familiar with HP-UX's older FTPD.
No.
It had a mode where the remote user would login anonymously. I.E> Anonymous or FTP with email address. Then issue another user statement which would read a local password file and login with the user definitions of that passwd entry.
You can do this also with proftpd - http://proftpd.net/. There is a nice Feature DefaultRoot that enables you to do a chroot for users in specified groups. Because proftpd doesn't use external binaries, you do not need any libs, devices,... in the users directory (-> better than wuftpd). Proftpd can use external password files and LDAP (and DBs).
When using the proxy it seems that every 'user' command is intercepted and a brand new connection is established.
The proxy opens the connection to the server after the username is known (because of MagicUser and transparent proxy feature).
This is good for the local user security feature within the ftp-proxy.conf file, but breaks the login procedure with the HP-UX ftpd daemon.
I do not really understand what the HP-UX ftpd needs... Does it handle more than one user via one control socket or reuse the socket for next users?
It is not uncommon for firewalls to be configured like that also. In fact I've working with some people from Citibank that have to logon to a firewall then issue the user command for the remote destination like the magic user facility within the ftp-proxy code.
You mean like the ftp-proxy from TIS toolkit?
I looked at the code and it looks very neat and well thought out. However, I'm not the greatest C Programmer in the world.
How difficult would it be to add this feature?
I do not realy understand what you need.
Can it be done, If so where?
This is a kind of "special feature" I mean... If it is possible to implement it (i mean it is :-), you can implement it yourself or contact our professional services (solutions@suse.de) and they can do it for you.
if you are willing to add this feature and need a host to test it on, I can give you access to one of our test accounts.
I've no time to implement all feature request, sorry!
If you do not feel it worthwhile, please let me know and I will farm it out internally.
Again, thanks for such great work. I've convinced my boss to purchase a copy of SUSE Linux just because we are using this package.
Oh, that's a nice idea - you can try out SuSE Linux :-)
At this point I'm going to subscribe to the mailing list. Yeah... I'm at the web page.. Reading TFM....
:-)
cu,
Marius Tomaschewski
participants (1)
-
Marius Tomaschewski