83 lines
6.5 KiB
HTML
83 lines
6.5 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="task" />
|
|
<meta name="DC.Title" content="Require client authentication for the File Transfer Protocol server" />
|
|
<meta name="abstract" content="If you need the File Transfer Protocol (FTP) server to authenticate clients, you can change the application specifications in IBM Digital Certificate Manager (DCM). This step is optional." />
|
|
<meta name="description" content="If you need the File Transfer Protocol (FTP) server to authenticate clients, you can change the application specifications in IBM Digital Certificate Manager (DCM). This step is optional." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiqsslparent.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiqsslassoccert.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiqsslenablessl.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu66adcmstart.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzaiqsslenableclient" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Require client authentication for the File Transfer Protocol server</title>
|
|
</head>
|
|
<body id="rzaiqsslenableclient"><a name="rzaiqsslenableclient"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Require client authentication for the File Transfer Protocol server</h1>
|
|
<div><p>If you need the File Transfer Protocol (FTP) server to authenticate
|
|
clients, you can change the application specifications in IBM<sup>®</sup> Digital Certificate
|
|
Manager (DCM). This step is optional.</p>
|
|
<div class="section"><div class="note"><span class="notetitle">Note:</span> With the FTP server you can authenticate
|
|
clients, but you cannot do so with the i5/OS™ FTP client. You can require client
|
|
authentication, but it will exclude connections that are for i5/OS FTP clients.</div>
|
|
<p>If
|
|
an FTP client connects and client authentication is enabled for the server,
|
|
the client must still send a USER subcommand. After the USER subcommand information
|
|
is sent, the FTP server will check that the user matches the profile associated
|
|
with the client certificate that the client sent to the server as part of
|
|
the SSL handshake. If the user matches the client certificate, no password
|
|
is needed and the FTP server will log the user onto the system. The USER subcommand
|
|
is needed because there is no mechanism in the FTP protocol to "inform" the
|
|
client that it's logged on without the command.</p>
|
|
</div>
|
|
<ol><li><span>Start IBM Digital Certificate Manager. If you need to obtain
|
|
or create certificates, or otherwise setup or change your certificate system,
|
|
do so now. See <a href="../rzahu/rzahurzahu401usingdcm.htm" target="_blank">Configure DCM</a> for information about setting up a certificate
|
|
system.</span></li>
|
|
<li><span>Click the <span class="uicontrol">Select a Certificate Store</span> button.</span></li>
|
|
<li><span>Select <span class="uicontrol">*SYSTEM</span>. Click <span class="uicontrol">Continue</span>.</span></li>
|
|
<li><span>Enter the appropriate password for *SYSTEM certificate store. Click <span class="uicontrol">Continue</span>.</span></li>
|
|
<li><span>When the left navigational menu reloads, expand <span class="uicontrol">Manage
|
|
Applications</span>.</span></li>
|
|
<li><span>Click <span class="uicontrol">Update application definition</span>.</span></li>
|
|
<li><span>On the next screen, select <span class="uicontrol">Server</span> application.
|
|
Click <span class="uicontrol">Continue</span>.</span></li>
|
|
<li><span>Click <span class="uicontrol">i5/OS TCP/IP FTP Server</span>.</span></li>
|
|
<li><span>Click <span class="uicontrol">Update Application Definition</span>.</span></li>
|
|
<li><span>In the table that displays, select <span class="uicontrol">Yes</span> to
|
|
require client authentication.</span></li>
|
|
<li><span>Click <span class="uicontrol">Apply</span>.</span></li>
|
|
<li><span>DCM reloads to the <span class="uicontrol">Update Application Definition</span> page
|
|
with a confirmation message. When you are finished updating the application
|
|
definition for the FTP server, click <span class="uicontrol">Done</span>.</span></li>
|
|
</ol>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiqsslparent.htm" title="With Secure Sockets Layer (SSL) you can eliminate the exposure of transmitting passwords and data in the clear when using the i5/OS File Transfer Protocol (FTP) server with an FTP client that also uses SSL.">Use Secure Sockets Layer to secure the File Transfer Protocol server</a></div>
|
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzaiqsslassoccert.htm" title="Perform this task if you did not assign a certificate to the File Transfer Protocol (FTP) server application during the creation of the local Certificate Authority (CA), or if you have configured your system to request a certificate from a public CA.">Associate a certificate with the File Transfer Protocol server</a></div>
|
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzaiqsslenablessl.htm" title="In order to use Secure Socket Layer (SSL) to secure your File Transfer Protocol (FTP) server, you need to complete the configuration steps first.">Enable Secure Socket Layer on the File Transfer Protocol server</a></div>
|
|
</div>
|
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
|
<div><a href="../rzahu/rzahurzahu66adcmstart.htm">Start DCM</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |