Since everyone didn't feel comfortable running proftpd on their servers, there's now an alternative. I have made a port of the OpenBSD 2.7 ftpd server and added the TLS code. For Linux, I have added shadow password file support, but note that there's no PAM support (yet anyway).

Tested on Linux and OpenBSD, test reports on other systems welcome!

Available at: ftp://ftp.runestig.com/pub/ftpd-tls/

X509 client authentication
--------------------------

Support for user authentication is possible through the custom function

    int x509_to_user(X509 *peer_cert, char *userid, int len)

in the file x509_to_user.c, and by a .tlslogin file in the user's home directory.

o tls_userid_from_client_cert() is called and returns a user id or NULL. tls_userid_from_client_cert() calls the site-specific function x509_to_user().

o If the user name, set by the USER command, equals the user id mapped from the client cert, the user is logged right in.

o If "USER" differs from the user id mapped from the client cert, the function tls_is_user_valid() is called to check "USER"'s ~/.tlslogin file. That file, if it exists, contains one or more X509 certificates in PEM format. If the client cert is present in the file, the user is logged right in.

o If tls_userid_from_client_cert() can't map a user id from the client cert, tls_is_user_valid() is called to check "USER"'s ~/.tlslogin file. If the client cert is present in the file, the user is logged right in.

The client is based on the ftp client code in OpenBSD 2.7 <http://www.openbsd.org/>.

Tested on Linux and OpenBSD, test reports on other systems welcome!

Available at: ftp://ftp.runestig.com/pub/ftp-tls/

Cheers,
Peter

--
Peter "Luna" Runestig (formerly Altberg), Sweden
PGP Key ID: 0xD07BBE13
Fingerprint: 7B5C 1F48 2997 C061 DE4B 42EA CB99 A35C D07B BE13

Old man Movitz smiles and nods, / but from Charon's dark strait the slumber of death / in your eyes / soon foretells your final hour.
Carl Michael Bellman, Fredmans epistel nr 34
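The login decision described under "X509 client authentication" above, modelled in Python as an added example; it is not code from ftpd-tls. The names tls_login_ok, cert_listed and certs_in_tlslogin are hypothetical, the byte-for-byte certificate comparison is an assumption about how "present in the file" is decided, and the sample certificates are constructed placeholder bytes.

```python
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def certs_in_tlslogin(text):
    """Return the decoded bytes of every PEM certificate in a .tlslogin body."""
    decoded = []
    for block in PEM_BLOCK.findall(text):
        try:
            decoded.append(ssl.PEM_cert_to_DER_cert(block))
        except ValueError:  # damaged base64: skip it, never match on it
            continue
    return decoded


def cert_listed(client_der, tlslogin_text):
    """Model of tls_is_user_valid(): is the client cert present in the file?"""
    if tlslogin_text is None:  # USER has no ~/.tlslogin
        return False
    return any(hmac.compare_digest(client_der, der)
               for der in certs_in_tlslogin(tlslogin_text))


def tls_login_ok(user, client_der, x509_to_user, read_tlslogin):
    """True if the client cert alone lets USER in, following the steps above.

    x509_to_user(cert) returns a user id or None (the site-specific mapping);
    read_tlslogin(user) returns the text of ~user/.tlslogin or None.
    """
    mapped = x509_to_user(client_der)
    if mapped is not None and mapped == user:
        return True  # USER equals the id mapped from the cert
    # USER differs from the mapped id, or no id could be mapped:
    # both cases fall back to USER's own .tlslogin file.
    return cert_listed(client_der, read_tlslogin(user))


# Constructed sample data: placeholder bytes stand in for DER certificates.
ALICE_CERT, BOB_CERT = b"constructed-cert-alice", b"constructed-cert-bob"
SITE_MAP = {ALICE_CERT: "alice"}  # hypothetical site mapping
TLSLOGIN = {"backup": ssl.DER_cert_to_PEM_cert(ALICE_CERT)
            + ssl.DER_cert_to_PEM_cert(BOB_CERT)}

if __name__ == "__main__":
    for user, cert in [("alice", ALICE_CERT), ("backup", ALICE_CERT),
                       ("backup", BOB_CERT), ("alice", BOB_CERT)]:
        print(user, tls_login_ok(user, cert, SITE_MAP.get, TLSLOGIN.get))
```

The model makes one property of the scheme visible: any certificate listed in an account's ~/.tlslogin grants that account a login, whatever user id the site mapping assigns to the certificate, so that file is worth treating like an authorized-keys list when auditing accounts.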