Add FW support for kerberised ftp
|Reported by:||mamoeller||Owned by:|
|Component version:||Operating system type:|
|Operating system version:|
To allow kerberised ftp through a stateful firewall the (E)
PORT and (E)PASV command must be send in cleartext.
Can you add an option to allow the transfer of these
commands only as cleartext. There is an example
client/server implementation at
I know it lowers the security somewhat but is better
then opening all high ports on the firewall.
To support further Network Adress Translation on the
firewall channel binding as to be removed. Could you add
another option on the client/server to set the channel
binding to GSS_NO_CHANNEL_BINDINGs. The above
implementation has this implemented.