SECOpen (Setting Data Security Protection)

The SECOpen IBM® i FTP client subcommand opens a secure control connection to an FTP server using the specified security option.

FTP client subcommand

SECOpen systemname [portnumber] [security_option ]

Note: SOpen is a synonym for SECOPEN.
systemname
Enter the name or Internet address of the remote system.
portnumber
Enter the port number for this connection.
Notes:
  • If this parameter is omitted and either (SSL or (Kerberos is specified, the port number 21 will be used.
  • If this parameter is omitted and (IMPLICIT is specified, then port number 990 is used.
  • If both the port number and the security_option are omitted, then port number 21 and (SSL are assumed.

security_option

Specify the type of security to be used.

(SSL
Uses a secure SSL connection to the FTP server. The AUTH (Authorization) server subcommand is used when making the connection.
(IMPLICIT
Uses an implicit SSL or TLS secure connection to the FTP server. An implicit SSL connection is made without sending the AUTH, PBSZ, and PROT server subcommands to the FTP server. In this case, the FTP server must be configured to expect an SSL/TLS connection negotiation to occur for the specified port number.

For the implicit SSL case, the FTP server acts in the same way as if the client has sent these subcommands with the parameters shown as follows:

  • AUTH SSL
  • PBSZ 0
  • PROT P
(KERBEROS
Uses a secure connection to FTP server with Kerberos authentication. The FTP control channel/ FTP data channel can be protected by setting different protection levels. The AUTH GSSAPI subcommand is sent to the server when making this connection. In this case, the parameter "portnumber" should be omitted.
Note: If the security option parameter is not specified, then "(SSL" will be assumed EXCEPT when the port number is 990. "(IMPLICIT" is assumed for port number 990. If the security option parameter is specified to "(KERBEROS", the parameter "portnumber" can be omitted, do not specified port number other than 21. If the security option parameter is specified to "(KERBEROS", protection level will be specified to CLEAR by default. User can change the protection level then by using secdata after the Kerberos authentication is accepted.