gssapi and CCC command
Glen Matthews
glen at montreal.hcl.com
Thu Apr 11 17:13:34 EDT 2002
Hi,
i'm writing an ftp client using the gssapi with kerberos, and am somewhat
puzzled by the CCC command behaviour.
basically, when i enable clear channel commands using CCC, it is accepted
with a 200-level message. i can enter various commands (notably PBSZ, PROT -
these seem to work ok). however, when i try to enter something else (like a
pwd) i get a 500 level message requiring a login before commands. ok. that
sort of fits - without enabling CCC, i need to send a login (encrypted) and
i get back a message stating that i've been authenticated.
when i try to issue a user command, i get this:
331 GSSAPI user "xxx at REALM" is not authorized as "xxx"; Password required
which is fine - "xxx at REALM" is the kerberos principal logging in, and xxx is
the userid on the target system. when the pass command is issued (with the
correct password even), i get 530 login incorrect.
any ideas? is this a config problem with the kerberized ftpd? or a problem
implementing the security protocol?
glen
More information about the Kerberos
mailing list