Article delegate-en/3360 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3359@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP Proxy TLS/AUTH problem
05 Jul 2006 13:17:03 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


In message <_A3359@delegate-en.ML_> on 07/05/06(21:56:59)
you Steve Brown <pd4gqbdyi-hugik5tjznxr.ml@ml.delegate.org> wrote:
 |Our Proxy was working really well, until we had reason to turn on TLS
 |support for FTP. Using DeleGate/9.2.3-pre8 (July 3, 2006).
 |
 |Starting the proxy with:
 |
 |#!/bin/bash
 |~delegate/delegated STLS=fcl -P21  SERVER=ftp CACHE=no\
...
 |to provide TLS, also appears to change the AUTH behaviour, so that any
 |user trying to connect to an external site gets a 534 AUTH first error:
 |
 | 220-extended FTP [MODE XDC][XDC/BASE64]
 | 220
 | Name (ftpproxy.qinetiq.com:sbrown): ftp@demon..uk
 | 534 do AUTH first.
 | Login failed.
 |
 |How can I get the behaviour with TLS enabled to be the same as it was
 |before?

Your option,

  STLS=fcl

requires all of its clients to be TLS enabled explicitly (by the
negotiation with AUTH TLS command) or implicitly.
To make TLS optional and accept both TLS and non-TLS clients, you
need to specify it as this:

  STLS=-fcl

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V