SECOpen (Setting Data Security Protection)
The SECOpen IBM® i FTP client subcommand opens a secure control connection to an FTP server using the specified security option.
FTP client subcommand
SECOpen systemname [portnumber] [security_option ]
Note: SOpen is a synonym for SECOPEN.
- systemname
- Enter the name or Internet address of the remote system.
- portnumber
- Enter the port number for this connection.
Notes:
- If this parameter is omitted and either (SSL or (Kerberos is specified, the port number 21 will be used.
- If this parameter is omitted and (IMPLICIT is specified, then port number 990 is used.
- If both the port number and the security_option are omitted, then port number 21 and (SSL are assumed.
security_option
Specify the type of security to be used.
- (SSL
- Uses a secure SSL connection to the FTP server. The AUTH (Authorization) server subcommand is used when making the connection.
- (IMPLICIT
- Uses an implicit SSL or TLS secure connection to
the FTP server. An implicit SSL connection is made without sending
the AUTH, PBSZ, and PROT server subcommands to the FTP server. In
this case, the FTP server must be configured to expect an SSL/TLS
connection negotiation to occur for the specified port number.
For the implicit SSL case, the FTP server acts in the same way as if the client has sent these subcommands with the parameters shown as follows:
- AUTH SSL
- PBSZ 0
- PROT P
- (KERBEROS
- Uses a secure connection to FTP server with Kerberos authentication. The FTP control channel/ FTP data channel can be protected by setting different protection levels. The AUTH GSSAPI subcommand is sent to the server when making this connection. In this case, the parameter "portnumber" should be omitted.
Note: If the security option parameter is not specified,
then "(SSL" will be assumed EXCEPT when the port number is 990. "(IMPLICIT"
is assumed for port number 990. If the security option parameter is
specified to "(KERBEROS", the parameter "portnumber" can be omitted,
do not specified port number other than 21. If the security option
parameter is specified to "(KERBEROS", protection level will be specified
to CLEAR by default. User can change the protection level then by
using secdata after the Kerberos authentication is accepted.