Sophie

Sophie

distrib > Mandriva > current > i586 > media > main-updates > by-pkgid > 3a8c16053ba0edc02dcb5ede99d10d9c > files > 6

proftpd-mod_gss-1.3.3g-0.1mdv2010.2.i586.rpm

<!-- $Id: mod_gss.html,v 1.13 2006/05/25 14:54:39 mamoeller Exp $ -->
<!-- $Source: /cvsroot/gssmod/mod_gss/mod_gss/mod_gss.html,v $ -->

<html>
<head>
<title>ProFTPD module mod_gss</title>
</head>

<body bgcolor=white>

<hr><br>
<center>
<h2><b>ProFTPD module <code>mod_gss</code></b></h2>
</center>
<hr><br>

This module is contained in the <code>mod_gss.c</code> file for ProFTPD 1.2 or higher,
and is not compiled by default.  Installation instructions are discussed <a href="#Installation">here</a>.

<p>
The project is hosted at <a href="http://sourceforge.net/projects/gssmod/"> Sourceforge.net </a> and the most current version of <code>mod_gss</code> can be found at:
<pre>
  <a href="http://prdownloads.sourceforge.net/gssmod/">http://prdownloads.sourceforge.net/gssmod/</a>
</pre>
<p>
<p>
Please report bugs to <a href="http://sourceforge.net/tracker/?atid=529593&group_id=70951&func=browse"> GSS module for proftpd: Bugs </a> <br>
Please report feature requests to <a href="http://sourceforge.net/tracker/?atid=529596&group_id=70951&func=browse"> GSS module for proftpd: Feature Requests</a> <br>
Please send patches to <a href="http://sourceforge.net/tracker/?atid=529595&group_id=70951&func=browse"> GSS module for proftpd: Patches</a> <br>

<h2>Author</h2>
<p>
Contact M M&ouml;ller &lt;markus_moeller <i>at</i> compuserve.com&gt; with any
questions, concerns, or suggestions regarding this module.
<p>

<h2>Directives</h2>
<ul>
  <li><a href="#GSSEngine">GSSEngine</a>
  <li><a href="#GSSLog">GSSLog</a>
  <li><a href="#GSSOptions">GSSOptions</a>
  <li><a href="#GSSRequired">GSSRequired</a>
  <li><a href="#GSSKeytab">GSSKeytab</a>
</ul>

<p>
<hr>
<h2><a name="GSSEngine">GSSEngine</a></h2>
<strong>Syntax:</strong> GSSEngine <em>on|off</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_gss<br>
<strong>Compatibility:</strong> 1.2.8 and later

<p>
The <code>GSSEngine</code> directive toggles the use of the GSS protocol
engine (<i>e.g.</i> <code>mod_gss</code>).  This is usually used inside a
<code>&lt;VirtualHost&gt;</code> section to enable GSS sessions for a
particular virtual host. By default <code>mod_gss</code> is disabled for both
the main server and all configured virtual hosts. 

<p>
<hr>
<h2><a name="GSSLog">GSSLog</a></h2>
<strong>Syntax:</strong> GSSLog <em>file</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_gss<br>
<strong>Compatibility:</strong> 1.2.8 and later

<p>
The <code>GSSLog</code> directive is used to specify a log file for
<code>mod_gss</code>'s reporting on a per-server basis.  The <em>file</em>
parameter given must be the full path to the file to use for
logging. If <em>syslog</em> is used as <em>file</em> then logging is
send to syslog.

<p>
<hr>
<h2><a name="GSSOptions">GSSOptions</a></h2>
<strong>Syntax:</strong> GSSOptions <em>opt1 ...</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_gss<br>
<strong>Compatibility:</strong> 1.2.8 and later

<p>
The <code>GSSOptions</code> directive is used to configure various optional
behavior of <code>mod_gss</code>.

<p>
Example:
<pre>
  AllowCCC - Allows CCC commands. 

  AllowFWCCC - Allows PORT and PASV only as clear commands for stateful firewalls. Needs special client patch.

  AllowFWNAT - Allows No Channel Binding to support Network Address Translation. Needs special client patch.
  NoChannelBinding - Allows No Channel Binding to support Network Address Translation. Needs special client patch.

  RequireSequenceProtection - Require sequence protection set on GSS encrypted packets

  RequireReplayProtection - Require replay protection set on GSS encrypted packets
</pre>

<p>
<hr>
<h2><a name="GSSRequired">GSSRequired</a></h2>
<strong>Syntax:</strong> GSSRequired <em>on|off|ctrl|data</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_gss<br>
<strong>Compatibility:</strong> 1.2.8 and later

<p>
The <code>GSSRequired</code> directive is used to define a basic security
policy, one that dictates whether the control channel, or data channel, or
both, of an FTP session must occur over GSS.

<p>
The <em>on</em> parameter enables GSS requirements on both control and
data channels; <em>off</em> disables the requirements on both channels.
Use <em>ctrl</em> and <em>data</em> to require GSS on either channel
individually.

<p>
Example:
<pre>
  # Require GSS on the control channel, so that passwords are not sent
  # in the clear.
  GSSRequired ctrl

  # Require GSS on both channels.
  GSSRequired on
</pre>

<p>
<hr>
<h2><a name="GSSKeytab">GSSKeytab</a></h2>
<strong>Syntax:</strong> GSSKeytab <em>file</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_gss<br>
<strong>Compatibility:</strong> 1.2.8 and later

<p>
The <code>GSSKeytab</code> directive is used to specify a Kerberos5 keytab file for
<code>mod_gss</code>'s Kerberos5 service key on a per-server basis.  The <em>file</em>
parameter given must be the full path to the file.

<p>
<hr><br>
<h2><a name="Usage">Usage</a></h2>
Much of the documentation for the GSSAPI applies to this module:
<pre>
  <a href="http://docs-pdf.sun.com/816-1331/816-1331.pdf">http://docs-pdf.sun.com/816-1331/816-1331.pdf </a>
</pre>

<p>
The Kerberos documentation, and its
<a
href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">FAQ</a>,
are recommended as well:
<pre>
  <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>
</pre>






<p>
A copy of RFC2228 describing <em>FTP Security Extensions</em> and of RFC1509
describing <em>Generic Security Service API : C-bindings</em> is
included with the source code for this module.

<p>
<hr><br>
<h2><a name="Installation">Installation</a></h2>
To install <code>mod_gss.c</code>, follow these instructions.  After unpacking
the tarball, run the <code>configure</code> script:
<pre>
  cd mod_gss
  ./configure
</pre>

<code>configure</code> will try to detect the supported GSS/Kerberos libraries automatically.
<p>
<pre>
If you wish <code>mod_gss</code> to use MIT GSS/Kerberos5, you'll want to use configure's --enable-mit option. (default if auto detect fails)
If you wish <code>mod_gss</code> to use Heimdal GSS/Kerberos5, you'll want to use configure's --enable-heimdal option.
If you wish <code>mod_gss</code> to use Sun SEAM GSS/Kerberos5, you'll want to use configure's --enable-seam option.
If you wish <code>mod_gss</code> to use IBM NAS GSS/Kerberos5, you'll want to use configure's --enable-nas option. 
</pre>
<p>
Now, copy after unpacking the latest proftpd-1.2 or higher source code the <code>mod_gss.h</code> file into:
<pre>
  <i>proftpd-dir</i>/include/
</pre>
and the <code>mod_gss.c</code> file into:
<pre>
  <i>proftpd-dir</i>/contrib/
</pre>
<p>
Then follow the normal steps for 
using third-party modules in proftpd: 
<pre>
  ./configure --with-modules=mod_gss
  make
  make install
</pre>or starting with proftpd 1.3
<pre>
  ./configure --enable-dso --with-shared=mod_gss 
  make
  make install
</pre>

You may need to specify the location of the GSS/Kerberos5 header and library files
in your <code>configure</code> command, <i>e.g.</i>:
<pre>
 ./configure --with-modules=mod_gss \
    --with-includes=/usr/local/include \
    --with-libraries=/usr/local/lib
</pre>or starting with proftpd 1.3
<pre>
  ./configure --enable-dso --with-shared=mod_gss \
    --with-includes=/usr/local/include \
    --with-libraries=/usr/local/lib
</pre>
<p>
To be able to use GSS/Kerberos5 add the following line to the
configuration file.
<pre>
 CommandBufferSize    1023
</pre>

<p>
If the Kerberos5 credential cache is bigger than 1023 bytes (e.g. when using Active Directory as kdc) compile
proftpd with --enable-buffer-size=<em>max cache size<em>

<p>
<hr><br>
Author: <i>$Author: mamoeller $</i><br>
Last Updated: <i>$Date: 2006/05/25 14:54:39 $</i><br>

<br><hr>

<font size=2><b><i>
&copy; Copyright 2002-2007 M M&ouml;ller<br>
 All Rights Reserved<br>
</i></b></font>

<hr><br>
<center>
<A href="http://sourceforge.net"> <IMG src="http://sourceforge.net/sflogo.php?group_id=70951&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo"></A> 
<!-- Begin Nedstat Basic code -->
<!-- Title: ProFTPD module mod_gss -->
<!-- URL: http://gssmod.sourceforge.net -->
<script language="JavaScript" src="http://m1.nedstatbasic.net/basic.js">
</script>
<script language="JavaScript">
<!--
  nedstatbasic("ACDUGwzeL2vzniAMJdUmtnbmaNlw", 0);
// -->
</script>
<noscript>
<a target="_blank" href="http://v1.nedstatbasic.net/stats?ACDUGwzeL2vzniAMJdUmtnbmaNlw"><img
src="http://m1.nedstatbasic.net/n?id=ACDUGwzeL2vzniAMJdUmtnbmaNlw"
border="0" nosave width="18" height="18"></a>
</noscript>
<!-- End Nedstat Basic code -->
</center>


</body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional