Article delegate-en/816 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: authentication for ftp proxy?
31 May 2000 06:00:04 GMT (Yutaka Sato)

On 05/30/00(04:33) you Paul Reilly <> wrote
in <>
 |My telnet proxy works with the command
 |./delegated -P6000 SERVER=telnet AUTHORIZER="localhost" ....
 |this is great and won't let anyone telnet through the proxy unless they
 |have an account on the proxy server /etc/passwd.
 |I ahve set up the ftp server the same way, but it seems to let anyone
 |through? How do I get it to authenticate against the local /etc/passwd?
 |It seems to only have options for anon-ftp?

The main cause of the difficulty to implement it in FTP is that the FTP
protocol has no concern with "proxy server", thus there is no official
way to make authentication/authorization about usage of a proxy server.

The situation is similar in Telnet except that the Telnet protocol
is like a raw bidirectionally communication channel thus any dialogue
for extra authentication can be introduced as user defined data without
extending the protocol, that is, using existing client programs.

The difficult situation in FTP is non-anonymous access to target FTP
server with proxy-authorization.  We must specify two set of user-name
and pass-word for the target FTP server and the FTP-DeleGate.  Both
passwords should be given hidden at client's display, but there seems
be no natural way to do so based on FTP protocol, though I've thought
several unnatural solutions...

By the way, I noticed that Telnet-DeleGate do echo the password for
proxy-authentication since DeleGate/6.1.3.  I'll fix it as enclosed.

Yutaka Sato <>   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_

*** ../../delegate6.1.11/src/telnet.c	Mon Apr 17 18:49:40 2000
--- ./telnet.c	Wed May 31 14:41:29 2000
*** 503,508 ****
--- 503,520 ----
  		timeout = LOGIN_TIMEOUT * 1000 * 4;
  	else	timeout = LOGIN_TIMEOUT * 1000;
+ 	/*
+ 	 * "Password:" for proxy-authorization should be hidden.
+ 	 * To do so, DeleGate must notify that I WILL DO FULL DUPLEX ECHO
+ 	 * to the client. (This had been the default before 6.1.3)
+ 	 */
+ 	if( !visible ){
+ 		if( ClientsDO[O_ECHO] != DO && ClientsWill[O_ECHO] != WONT )
+ 			putIAC(tc,WILL,O_ECHO);
+ 		if( ClientsDO[O_SUPAHEAD] != DO )
+ 			putIAC(tc,WILL,O_SUPAHEAD);
+ 	}
  		if( fflush(tc) == EOF )

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]