Kerberos with FileZilla
Jeffrey Altman
jaltman at secure-endpoints.com
Sun Jun 17 14:51:45 EDT 2007
Diego Pignedoli wrote:
> The identity is the default identity.
> I think it's not so easy as I think and I am missing some particular
> setting.
> Do I have to create a principal also for the service ftp or only for
> the identity who is logging?
>
> That is what I did:
> i) I activated ftp server service and set the firewall to permit
> inbound traffic on ftp ports
> ii) i installed the NIM and activated the kerberos support service
> from windows services
> iii) i did all the settings i have been asked from NIM
>
> But when I test the filezilla with gss i get that msg.
> I am really confused!
>
> Diego
There has to be a service principal for the FTP service. Otherwise,
there is nothing for the client to authenticate to.
Typically, if the "ftp" service is on the machine "foo.bar.com" in realm
BAR.COM then the FTP service principal will be
"ftp/foo.bar.com at BAR.COM". This principal must exist in the BAR.COM
database and the key for the principal must be installed in the keytab
configured for use by the FTP service.
Jeffrey Altman
Secure Endpoints Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070617/a793f516/attachment.bin
More information about the Kerberos
mailing list