Use the SECURE_FTP statement to specify whether use of a security mechanism is optional or required.
Syntax
.-SECURE_FTP ALLOWED-------. >>-+--------------------------+-------------------------------->< '-SECURE_FTP--+-ALLOWED--+-' '-REQUIRED-'
Parameters
Configuring an FTP server
- REQUIRED
- Specifies that all clients log in using a security mechanism. Rules:
- If the server is enabled for TLS only, clients must log in using TLS.
- If the server is enabled for Kerberos only, clients must log in using Kerberos.
- If the server is enabled for both TLS and Kerberos, clients must log in using either TLS or Kerberos.
- ALLOWED
- Allows clients to log in using a security mechanism, but it is
not required. Rules:
- If the server is enabled for TLS only, clients must log in using TLS or no securiy mechanism.
- If the server is enabled for Kerberos only, clients must log in using Kerberos or no security mechanism.
- If the server is enabled for both TLS and Kerberos, clients must log in using TLS, Kerberos, or no security mechanism.
Configuring an FTP client
- REQUIRED
- Specify that a client log in must use a security mechanism. If
the server does not support the client's security mechanism, the login
fails and the client cannot log in. Rules:
- If the client's security mechanism is TLS, clients must log in using TLS.
- If the client's security mechanism is Kerberos, clients must log in using Kerberos.
- ALLOWED
- Allow the client to log in using a security mechanism, but it
is not required. Rules:
- If the client's security mechanism is TLS, clients must log in using TLS. If the server does not support TLS, the server indicates this back to the client. The client then completes the log in, but without using TLS.
- If the client's security mechanism is Kerberos, clients must log in using Kerberos. If the server does not support Kerberos, the server indicates this back to the client. The client then completes the log in, but without using Kerberos.
Examples
SECURE_FTP ALLOWEDUsage notes
- If the FTP server used the secure port, the server behaves as if the value on this statement is required. See TLSPORT (FTP client and server) statement for information about the secure port.
- This statement is valid for FTP servers if either EXTENSIONS AUTH_TLS or EXTENSIONS AUTH_GSSAPI is specified.
- This statement is valid for FTP clients if either SECURE_MECHANISM TLS or SECURE_MECHANISM GSSAPI is specified.