[SLUG] FTP

aardvark llama anisotropy9 at hotmail.com
Sat Oct 26 00:10:01 BST 2002


>Al wrote:
>Will wrote:
> > ftp is a very old protocol and is increasingly frowned upon because
> > -- like telnet -- it sends unencrypted passwords down the wire which
> > can easily be captured by somebody-else-who-may-be-up-to-no-good.
> > However, for stuff like anonymous transfers it is rather good.
>What alternative do you suggest?
Well, this depends. If you are downloading stuff from the net, ftp is fine. 
The username and password would be something like anonymous/bert at nospam.com 
or whatever.

I have DSL connected to the internet a lot and I tend to be fairly paranoid 
about computers, so I've set up a firewall and I will only allow transfers 
and logins to that using ssh and scp.

There is also another problem with ftp, which is that *if* you use iptables 
then there are some funnies about tracking ftp connections.

>So I'm seeing a response from the ftp server, telling me that neither 
>GSSAPI nor KERBEROS are accepted as encryption devices?
I would phrase this slightly differently. Your ftp client is trying to talk 
and authenticate to the ftp server using GSSAPI and KERBEROS. The server 
doesn't understand and won't send back the kind of data that the ftp program 
is happy with. I'm not sure what happens now. Either this is a whinge -- 
which is annoying -- or it tells you to get stuffed -- in the nicest 
possible kind of way. Which is more than annoying.

>I'm using the ftp programme that came as standard with Mandrake 8.2.
>by looking in the software manager with the result,
>ftp-client-krb5-1.2.2-17mdk.
For me, that now makes it clear. Your ftp client is built with krb or 
kerberos support and instead of something like:
>ftp ftp.eff.org
You are connected to ftp.eff.org
Enjoy!
Username:
followed by the password prompt and where everything you type is open to 
view, it is trying other types of authentication first.

>Whatever it is I type ftp at the command line and I'm away! :)
Cool.

My version of the ftp client is ancient -- about five years old -- and is 
compiled from netkit-ftp. I suppose what I am saying is that the kerberos 
stuff is an addition to what I would expect to see.

>Does this give you something to work on.
Yes. Thanks.

>I was thinking of an ftp config file of some type.  I imagine that the
>ftp client can be altered in various ways from the config file.
I really don't know. My take on this is that it is the kerberos services 
that you need to configure and -- since this is an MIT written system, those 
jolly fellows who gave us X window and other such simple protocols -- this 
may not be a trivial task. I don't know how to do this, although don't take 
my lack of knowledge as any great indication of difficulty, for I am both 
stupid and lazy.

Having tried a quick google I found stuff about kerberos like 
www.pdc.kth.se/kth-krb/doc/kth-krb_2.html#SEC2 on here 
www.pdc.kth.se/kth-krb.

>I'm not even sure that this is a problem.  It just seems to be a form
>of error message and I hoped to correct whatever is wrong.
The big question is now, despite all the whinging, can you connect to other 
sites OK? I tried the URLs you gave me and for anonymous connections they 
worked fine. If you can do what you need to do, although annoying, I would 
try and live with it for a bit longer. Or install a non-krb version of the 
ftp client. I would have thought Mandrake would have one somewhere!

Hope this is of some little comfort.

:)w
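
Added example, not part of the original post: a small checker that reads an FTP control-channel transcript and reports which AUTH mechanisms the server refused and whether the login then fell back to an unencrypted USER/PASS, which is the behaviour the message describes for the Kerberos-enabled client. The transcript, host name, reply texts and the function name analyse are constructed for illustration, and treating any 2xx/3xx reply to AUTH as "accepted" is a simplifying assumption.

```python
import re

# Constructed control-channel transcript (sample data, not from the post).
# "C:" lines are client commands, "S:" lines are server replies.
SAMPLE = """\
S: 220 ftp.example.org FTP server ready.
C: AUTH GSSAPI
S: 500 'AUTH GSSAPI': command not understood.
C: AUTH KERBEROS_V4
S: 500 'AUTH KERBEROS_V4': command not understood.
C: USER anonymous
S: 331 Guest login ok, send your email address as password.
C: PASS bert@nospam.example
S: 230 Guest login ok, access restrictions apply.
"""

REPLY_CODE = re.compile(r"^(\d{3})[ -]")
ANON_USERS = {"anonymous", "ftp"}

def analyse(transcript):
    """Return (rejected_mechanisms, cleartext_login, findings)."""
    rejected, findings = [], []
    accepted = False   # server agreed to an AUTH mechanism (simplified model)
    pending = None     # AUTH mechanism still waiting for its reply
    user = None
    cleartext_login = False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb, arg = verb.upper(), arg.strip()
            if verb == "AUTH":
                pending = arg.upper()
            elif verb == "USER":
                user = arg
            elif verb == "PASS" and not accepted:
                cleartext_login = True
                kind = "anonymous" if (user or "").lower() in ANON_USERS else "account"
                findings.append(f"{kind} password for {user!r} sent unencrypted")
        elif side == "S" and pending:
            match = REPLY_CODE.match(text)
            if match and match.group(1)[0] in "45":
                rejected.append(pending)   # 4xx/5xx: mechanism refused
                findings.append(f"AUTH {pending} refused ({match.group(1)})")
            elif match:
                accepted = True            # 2xx/3xx: mechanism accepted
            pending = None
    return rejected, cleartext_login, findings
```

For an anonymous login the "password" is only an e-mail address, so the finding is informational; the same fallback with a real account name is the case worth alerting on.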

More information about the Scarborough mailing list