FTP and kerberos

Rick Stevens rstevens at vitalstream.com
Mon Mar 6 17:51:36 UTC 2006


On Fri, 2006-03-03 at 16:46 +0000, John Dunn wrote:
> Whenever I do an ftp on linux the ftp works but I get the message
> 
> KERBEROS_V4 rejected as an authentication type
> 
> How can I prevent the message from appearing?
> 
> local: producer.tar remote: producer.tar
> 227 Entering Passive Mode (10,0,1,13,137,24)
> 150 Opening data connection for producer.tar (17336320 bytes).
> 226 Transfer complete.
> 17336320 bytes received in 1.3e+02 seconds (1.3e+02 Kbytes/s)
> ftp> quit
> 221 Goodbye.
> [producer at figaro producer]$ pwd
> /home/producer/jakarta/jakarta-tomcat-5.0.28/webapps/producer
> [producer at figaro producer]$ tar -xvpf producer.tar
> WEB-INF/
> admin-pm-sm-po.jnlp
> admin-sm-po.jnlp
> admin.jnlp
> all_profiles.jnlp
> images/
> images/JaWE_32.gif
> images/JaWE_64.gif
> images/bouton_producer_ang.gif
> images/logo.gif
> images/webstart.jpg
> images/sefas_32.gif
> images/sefas_64.gif
> images/sefas_48.gif
> index.html
> index.html__
> index.jsp
> lib/
> lib/jide-common.jar
> lib/jide-action.jar
> lib/commons-validator-1.2.0a.jar
> lib/commons-lang-2.1.jar
> lib/commons-digester-1.7.jar
> lib/commons-logging-1.0.4.jar
> lib/commons-collections-3.1.jar
> lib/commons-beanutils-1.7.0.jar
> lib/classes12.jar
> lib/config/
> lib/config/workflowstage_core.xml
> lib/config/workflowactivity_core.xml
> lib/config/sefas_producer_nsteam.properties
> lib/config/sefas_producer.properties
> lib/config/productionfloor_nsteam.xml
> lib/config/productionfloor.xml
> lib/config/producer_ext.properties.bak
> lib/config/producer_ext.properties
> lib/config/mservice_uk_nsteam.xml
> lib/config/mservice_uk.xml
> lib/config/mservice_fr.xml
> lib/config/dbv4config.xml
> lib/sefas-monservice-SNAPSHOT.jar
> lib/sefas-widgets-SNAPSHOT.jar
> lib/sefas-middleware-SNAPSHOT.jar
> lib/sefas-commons-SNAPSHOT.jar
> lib/producer.jar
> lib/runMock.bat
> lib/run.bat
> lib/producer-login-SNAPSHOT.jar
> lib/oro-2.0.8.jar
> lib/ocrs12.jar
> lib/nls_charset12.jar
> lib/log4j-1.2.8.jar
> lib/junit-3.8.1.jar
> lib/jide-grids.jar
> lib/jide-dialogs.jar
> lib/jide-components.jar
> lib/xerces.jar
> lib/TechViewIII.jar
> lib/sefas-workflow-shark-SNAPSHOT.jar
> oldjnlp/
> oldjnlp/index.html
> oldjnlp/jh.jnlp
> oldjnlp/maileroperator.jnlp
> oldjnlp/printeroperator.jnlp
> oldjnlp/producer.jnlp
> oldjnlp/producernologin.jnlp
> po-mo.jnlp
> producer.jnlp
> [producer at figaro producer]$ ls *.tar
> producer.tar
> [producer at figaro producer]$ rm *.tar
> [producer at figaro producer]$ ls -lt | more
> total 52
> -rw-r-----  1 producer producer 1610 Feb 25 01:24 index.html
> -rw-r--r--  1 producer producer 2036 Feb 25 01:23 producer.jnlp
> drwxr-xr-x  2 producer producer 4096 Feb 25 01:20 images
> drwxr-x---  3 producer producer 4096 Feb 25 01:15 lib
> drwxr-xr-x  2 producer producer 4096 Feb 25 01:12 oldjnlp
> -rw-r--r--  1 producer producer 1898 Feb 25 01:11 admin.jnlp
> -rw-r--r--  1 producer producer 1918 Feb 25 01:11 admin-pm-sm-po.jnlp
> -rw-r--r--  1 producer producer 1903 Feb 25 01:11 admin-sm-po.jnlp
> -rw-r--r--  1 producer producer 1889 Feb 25 01:11 all_profiles.jnlp
> -rw-r--r--  1 producer producer  409 Feb 25 01:11 index.html__
> -rw-r--r--  1 producer producer  130 Feb 25 01:11 index.jsp
> -rw-r--r--  1 producer producer 1889 Feb 25 01:11 po-mo.jnlp
> drwxr-xr-x  2 producer producer 4096 Feb 25 01:11 WEB-INF
> [producer at figaro producer]$ pwd
> /home/producer/jakarta/jakarta-tomcat-5.0.28/webapps/producer
> [producer at figaro producer]$ cd
> [producer at figaro ~]$ cd printer_scripts
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ whereis ping
> ping: /bin/ping /usr/share/man/man8/ping.8.gz
> [producer at figaro printer_scripts]$ whereis ping
> ping: /bin/ping /usr/share/man/man8/ping.8.gz
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ uname
> Linux
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ ping figaro
> PING figaro (10.5.1.68) 56(84) bytes of data.
> 64 bytes from figaro (10.5.1.68): icmp_seq=0 ttl=64 time=3.63 ms
> 64 bytes from figaro (10.5.1.68): icmp_seq=1 ttl=64 time=0.115 ms
> 64 bytes from figaro (10.5.1.68): icmp_seq=2 ttl=64 time=0.053 ms
> 
> --- figaro ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2001ms
> rtt min/avg/max/mdev = 0.053/1.266/3.632/1.673 ms, pipe 2
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ ping figaro 1>/dev/null 2> n
> [producer at figaro printer_scripts]$ ping -c2 figaro
> PING figaro (10.5.1.68) 56(84) bytes of data.
> 64 bytes from figaro (10.5.1.68): icmp_seq=0 ttl=64 time=0.068 ms
> 64 bytes from figaro (10.5.1.68): icmp_seq=1 ttl=64 time=0.059 ms
> 
> --- figaro ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 0.059/0.063/0.068/0.009 ms, pipe 2
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ /usr/bin/ping -c2 figaro
> -bash: /usr/bin/ping: No such file or directory
> [producer at figaro printer_scripts]$ whereis ping
> ping: /bin/ping /usr/share/man/man8/ping.8.gz
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ vi dpserver_print
> [producer at figaro printer_scripts]$ man .netrc
> No manual entry for .netrc
> [producer at figaro printer_scripts]$ man ftp
> [producer at figaro printer_scripts]$ man netrc
> [producer at figaro printer_scripts]$ su - oracle
> Password:
> [oracle at figaro ~]$ ftp 10.5.1.12
> Connected to 10.5.1.12.
> 220 F40 FTP server (Version 4.1 Fri Nov 19 18:18:48 CST 1999) ready.
> 502 authentication type cannot be set to GSSAPI
> 502 authentication type cannot be set to KERBEROS_V4
> KERBEROS_V4 rejected as an authentication type
> Name (10.5.1.12:oracle): sefas
> 331 Password required for sefas.
> Password:
> 230 User sefas logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> bin
> 200 Type set to I.
> ftp> get .netrc
> local: .netrc remote: .netrc
> 227 Entering Passive Mode (10,5,1,12,181,139)
> 150 Opening data connection for .netrc (71 bytes).
> 226 Transfer complete.
> 71 bytes received in 0.0086 seconds (8.1 Kbytes/s)
> ftp> quit
> 221 Goodbye.
> [oracle at figaro ~]$ vi .netrc
> [oracle at figaro ~]$
> [oracle at figaro ~]$
> [oracle at figaro ~]$
> [oracle at figaro ~]$ ls-lt .netrc
> -bash: ls-lt: command not found
> [oracle at figaro ~]$ ls-lt .netrc
> -bash: ls-lt: command not found
> [oracle at figaro ~]$ ls -lt .netrc
> -rw-r--r--  1 oracle oinstall 118 Mar  3 16:24 .netrc
> [oracle at figaro ~]$ chmod 800 .netrc
> chmod: invalid mode string: `800'
> [oracle at figaro ~]$ chmod 600 .netrc
> [oracle at figaro ~]$ cd
> [oracle at figaro ~]$ cd jamie
> -bash: cd: jamie: No such file or directory
> [oracle at figaro ~]$ pwd
> /home/oracle
> [oracle at figaro ~]$ logout
> [producer at figaro printer_scripts]$ cd
> [producer at figaro ~]$ cd jamie
> [producer at figaro jamie]$ cd formscan
> [producer at figaro formscan]$ ls
> 003396-O01-0.ef
> [producer at figaro formscan]$ pwd
> /home/producer/jamie/formscan
> [producer at figaro formscan]$ cd
> [producer at figaro ~]$ cd printer_scripts
> [producer at figaro printer_scripts]$ ls -lt | more
> total 164
> -rwxr-xr-x  1 producer producer 6018 Mar  3 16:19 dpserver_print
> Whenever I run the following ftp script the ftp works but I get the message
> 
> KERBEROS_V4 rejected as an authentication type
> 
> How can I stop the message from appearing or trap it so it does not appear
> on standard output? I do not want to use Kerberos anyway.
> 
> ftp -i othermachine 0>ftp.out 2>error.ftp << EoF
> binary
> put myfile
> quit
> EoF

By default, running "ftpd" will run a Kerberosed version of ftpd.  The
normal FTP daemon used is "vsftpd" (normal startup is "service vsftpd
start") and does not use Kerberos.

Of course, you could start up the Kerberos server and generate the
various tickets and such and actually run Kerberos.  The daemon will
allow you to authenticate via Kerberos, SSL or username/password.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-            "You think that's tough?  Try herding cats!"            -
----------------------------------------------------------------------
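
An added example, not part of the original thread: one way to keep the declined-AUTH lines out of a batch job's output while still checking that the transfer completed, using the reply lines from the quoted session. The function names, log path argument and sample transcript are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); host, file and log are caller-supplied.

# AUTH negotiation lines as they appear in the session quoted above.
AUTH_NOISE='^(502 authentication type cannot be set to (GSSAPI|KERBEROS_V4)|(GSSAPI|KERBEROS_V4) rejected as an authentication type)$'

# stdin: raw ftp transcript; stdout: transcript without the AUTH lines.
ftp_filter_log() {
    grep -Ev "$AUTH_NOISE"
}

# stdin: raw ftp transcript. Returns 0 only if a 226 reply is present and
# no 4xx/5xx reply remains once the declined AUTH attempts are removed.
ftp_transfer_ok() {
    filtered=$(ftp_filter_log) || return 1
    printf '%s\n' "$filtered" | grep -Eq '^226 ' || return 1
    if printf '%s\n' "$filtered" | grep -Eq '^[45][0-9][0-9][ -]'; then
        return 1
    fi
    return 0
}

# Batch transfer with stdout and stderr captured in one log (-v keeps the
# server replies when stdin is not a terminal); prints the filtered log
# and returns the verdict. usage: put_file HOST FILE LOG
put_file() {
    ftp -i -v "$1" >"$3" 2>&1 <<EoF
binary
put $2
quit
EoF
    ftp_filter_log <"$3"
    ftp_transfer_ok <"$3"
}

# Constructed transcript modelled on the quoted session, for an offline check.
sample_transcript() {
    cat <<'EoF'
220 F40 FTP server ready.
502 authentication type cannot be set to GSSAPI
502 authentication type cannot be set to KERBEROS_V4
KERBEROS_V4 rejected as an authentication type
230 User sefas logged in.
226 Transfer complete.
221 Goodbye.
EoF
}

sample_transcript | ftp_transfer_ok && echo "transfer ok"
```

Only the two declined AUTH replies are dropped; any other 4xx or 5xx reply, such as a failed login, still marks the run as failed.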



