Use
the SECURE_FTP statement to specify whether use of a security mechanism
is optional or required.
Syntax
.-SECURE_FTP ALLOWED-------.
>>-+--------------------------+--------------------------------><
'-SECURE_FTP--+-ALLOWED--+-'
'-REQUIRED-'
Parameters
Configuring an FTP server
- REQUIRED
- Specifies that all clients log in using a security mechanism.
Rules: - If the server is enabled for TLS only, clients must log in using
TLS.
- If the server is enabled for Kerberos only, clients must log in
using Kerberos.
- If the server is enabled for both TLS and Kerberos, clients must
log in using either TLS or Kerberos.
- ALLOWED
- Allows clients to log in using a security mechanism, but it is
not required.
Rules: - If the server is enabled for TLS only, clients must log in using
TLS or no securiy mechanism.
- If the server is enabled for Kerberos only, clients must log in
using Kerberos or no security mechanism.
- If the server is enabled for both TLS and Kerberos, clients must
log in using TLS, Kerberos, or no security mechanism.
Configuring an FTP client
- REQUIRED
- Specify that a client log in must use a security mechanism. If
the server does not support the client's security mechanism, the login
fails and the client cannot log in.
Rules: - If the client's security mechanism is TLS, clients must log in
using TLS.
- If the client's security mechanism is Kerberos, clients must log
in using Kerberos.
- ALLOWED
- Allow the client to log in using a security mechanism, but it
is not required.
Rules: - If the client's security mechanism is TLS, clients must log in
using TLS. If the server does not support TLS, the server indicates
this back to the client. The client then completes the log in, but
without using TLS.
- If the client's security mechanism is Kerberos, clients must log
in using Kerberos. If the server does not support Kerberos, the server
indicates this back to the client. The client then completes the log
in, but without using Kerberos.
Examples
SECURE_FTP ALLOWED
Usage notes
- If the FTP server used the secure port, the server behaves as
if the value on this statement is required. See TLSPORT (FTP client and server) statement for information about the
secure port.
- This statement is valid for FTP servers if either EXTENSIONS AUTH_TLS
or EXTENSIONS AUTH_GSSAPI is specified.
- This statement is valid for FTP clients if either SECURE_MECHANISM
TLS or SECURE_MECHANISM GSSAPI is specified.