Administration Reference

ftpd (AFS version)

Purpose

Initializes the Internet File Transfer Protocol server

Synopsis

ftpd  [-d]  [-l]  [-t <timeout>]  [-v]  [-T <MaxTimeOut>]  [-u]  [-s]

Description

The AFS-modified ftpd program functions like the standard UNIX ftpd program, but also authenticates the issuer of the ftp command (who is presumably working on a remote machine) with the Authentication Server in the local cell (the home cell of the machine where the ftpd process is running, as defined in the local /usr/vice/etc/ThisCell file). The authentication is based on the user name and password provided at the ftp> prompts on the remote machine. The Cache Manager on the machine running the ftpd process stores the newly created token, identifying it by process authentication group (PAG) rather than by the user's UNIX UID.

The issuer of the ftp command can be working in a foreign cell, as long as the user name and password provided are valid in the cell where the ftpd process is running. If the user name under which the ftp command is issued does not exist in the Authentication Database for the cell where the ftpd process is running, or the issuer provides the wrong password, then the ftpd process logs the user into the local file system of the machine where the ftpd process is running. The success of this local login depends on the user name appearing in the local password file and on the user providing the correct local password. In the case of a local login, AFS server processes consider the issuer of the ftp command to be the user anonymous.

In the recommended configuration, the AFS version of the ftpd process is substituted for the standard version (only one of the versions can run at a time). The administrator then has two choices:

• Name the binary for the AFS version something like ftpd.afs, leaving the standard version as the ftpd process. Change the inetd.conf configuration file to refer to the ftpd.afs file rather than to the standard version.

• Rename the binary for the AFS version to the standard name (such as ftpd) and rename the binary for the standard version to something like ftpd.orig. No change to the inetd.conf file is necessary, but it is not as obvious that the standard version of the ftpd process is no longer in use.

Cautions

The AFS distribution does not include an AFS-modified version of this command for every system type. On system types that use an integrated authentication system, it is appropriate instead to control the ftpd daemon's handling of AFS authentication through the integrated system. For example, on system types that use the Pluggable Authentication Module (PAM), add an ftpd entry that references the AFS PAM module to the PAM configuration file. For instructions on incorporating AFS into a machine's integrated authentication system, see the IBM AFS Quick Beginnings.

Some system types impose the following requirement. If the issuer of the ftp command on the remote machine is using a shell other than /bin/csh, then the /etc/shells file on the local disk of the machine being accessed (the machine running the ftpd process) must include an entry for the alternate shell.

Options

-d

Directs debugging information to the system log daemon.

-l

Directs each FTP session to be logged to the system log daemon.

-t

Specifies a timeout period. By default, the FTP server will timeout an inactive session after 15 minutes.

-v

Same as -d.

-T

Specifies a timeout period in seconds. By default, the FTP server will timeout after 2 hours (7200 seconds).

-s

Turns on socket level debugging. Do not use this flag. It is valid only on an operating system level that AFS does not support.

-u

Specifies the default UNIX mode bit file mask to use.

Privilege Required

See the UNIX manual page for the ftpd process.

Related Information

UNIX manual page for ftp

UNIX manual page for ftpd

IBM AFS Quick Beginnings