Opened 21 years ago

Last modified 10 years ago

#247 closed Bug report

Problems with GSS authentication

Reported by: mamoeller Owned by: Tim Kosse
Priority: normal Component: Other
Keywords: Cc: mamoeller, Tim Kosse
Component version: Operating system type:
Operating system version:


I tried to use Filezilla with a my gss module
( for
proftpd 1.2.8rc2 from cvs and it seems that after
the ADAT commands you issue immediatly a CWD
command which isn't allowed. Filezilla then tries
correctly to use the USER command and proftpd
returns a "331 Password required" which can be in
case of a successful ADAT a dummy password (The
internal structure of proftpd always requires a
password, although not necessary). But just here
Filezilla closes the connection. I assume it doen't
expect a 331 return code.


Status: Connecting to ...
Trace: ControlSocket.cpp(118):
OnAsyncGetHostByName(0, 56, 15)
Trace: FtpControlSocket.cpp(652): OnConnect(0)
Status: Connected with Waiting
for welcome message...
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 220 ProFTPD 1.2.8rc2 Server (ProFTPD
Default Installation) []
Trace: GSSApi.dll: GFtpDoAuth
(452, "", 1738637578, -
828276470, 14025606, 32768, 80, 16841580[0])
Trace: GSSApi.dll: Trying to authenticate to
Trace: GSSApi.dll: Status in line 871: 0, 0
Trace: GSSApi.dll: Status in line 901: 1, 0
Trace: GSSApi.dll: Status in line 901: 0, 0
Trace: GSSApi.dll: GSSAPI authentication succeeded
Command: CWD .
Trace: FtpControlSocket.cpp(527): OnReceive(0)
Response: 530 Please login with USER and PASS
Command: USER testuser
Trace: FtpControlSocket.cpp(708): DoClose(4)
Trace: FtpControlSocket.cpp(2680): ResetOperation
Error: Unable to connect!

Change History (7)

comment:1 by Tim Kosse, 21 years ago

I'll look into this

comment:2 by Tim Kosse, 21 years ago

It looks like the server is sending invalid data (in your case
Qcj6sTqeX6/aY+73060EA1/ifrB5F92zAI+Ubsg==), that's why
FileZilla closes the connection, that string is no valid FTP
Another reason would be that FileZilla did not decrypt the
message for any reason.. I've still no solution.

comment:3 by mamoeller, 21 years ago

I tested the daemon with the following clients:

MIT ftp client
Heimdal ftp client
Kermit 95
Hummingbird Excceds with Security extension

All seem to work with GSSAPI authentication and encryption.


comment:4 by mamoeller, 21 years ago

You can run proftpd with -d -n as a standalone server and get details about
the commands received and the replies send. From a tcpdump I see that the
response from proftpd start correctly with 631(ENC) or 632(MIC)
commands. I saw previously some problems with \r\n at the end of the


comment:5 by Tim Kosse, 21 years ago

I've found a bug in the receive GSS receive and decrypt code,
maybe that was causing the problems.
I've attached a fixed version, please tell me if it works.

comment:6 by Tim Kosse, 21 years ago

I've found a bug in the GSS receive code, maybe that was
causing the problems.
I've mailed you a fixed version of FileZilla. Please tell me it it
works for you.

comment:7 by Tim Kosse, 21 years ago


Note: See TracTickets for help on using tickets.