[SUMMARY] WU-ftpd and Enhanced Security

From: Joana Peres <jperes_at_garfield.fe.up.pt>
Date: Mon, 25 Mar 96 12:11:48 +0100

Thanks to all that answered me!

My original question was:

I have an DecAlpha with OSF/1 Versao 3.0 with C2 security and I
compiled the wu-ftpd-2.4.2-beta-9 and it works fine for Anonymous FTP.
But for real users the access are denied, because the wu-ftpd doesn't use de
C2 security.(The passwords are not in the /etc/passwd).

============================================================================
These are the solutions:

1) (This is an answer from someone from an wu-ftpd mailing list)
This is the answer that I implement and it worked fine!

I made some smaller changes to ./src/config/config.osf

/* Following defined to support OSF/1 C2 security */
/* Tom Lange, Dan Net A/S */
/* Denmark, marts 1996 */
/* TLA hack */
#define SecureWare
#include <sys/secdefines.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>

and the following to ./src/makefiles/Makefile.osf

LIBES = -lsupport -lsecurity -laud

That made it work ! But the code included with SecureWare pragma only
supports 8 byte passwords. That problem am i working on.

regards Tom(tla_at_dannet.dk)
---------------------------------------------------------------------
2)
You need to modify the source code to use the C2 password database.
This is not a very difficult process (once you know what you're
doing!).

Instead of using the getpwnam() call, you must use the getprpwnam()
call (with its associated pr_passwd data structure); and you you
should use bigcrypt() instead of crypt(). The bigcrypt() call is
undocumented but works exactly like crypt().

In addition, before any calls are made to getpwnam(), so nomally in
the main() routine, you need to call set_auth_parameters().

Let me know if you need more information, or I could even send you my
modified sources (though they are for plain 2.4 if I remember right).

Richard Rogers
Information Technology Services
Staffordshire University
Tel: 01785 (+44 785) 353395
E-mail: R.M.Rogers_at_staffs.ac.uk or ittrmr_at_staffs.ac.uk
---------------------------------------------------------------
3)
Well unless you can find a port that has allready been done for the
enhanced security, you'll need to find the ccode in wu-ftpd that
contains the getpwuid()/getpwnam() routines and change them to the
getprpwuid/getpr pwnam routines. there's some documentation about
this in the System Administration manual.

Richard A. Muirden, Systems & Network Administration / Webmaster /
Fanatic :) RMIT Information Technology Services (ITS) *UNIX* email:
richard_at_rmit.edu.au I like: Boeing, United(UA), Ansett(AN), Vodka, Trek, 'phone: (+61 3) 9660 3814 Shostakovich. Shost CD's I own: 123. Web: http://www.rmit.edu.au/richard
------------------------------------------------------------------
Received on Mon Mar 25 1996 - 12:25:11 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:46 NZDT