|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS FTP server authentication via Kerberoshi,
my boss ask me if it is possible to authenticate on an IIS server using Kerberos(?) instead of the usual username/password I'm not sure I understand what he means... :/ could s/o help me ? TIA, Pierre. Hi Pierre
I believe what you are asked is, if FTP authentication between client and server, can use a more secure way of authentication like in Kerberous, maybe even using Kerberous Auth. No, that's not possible, the FTP protocol is unsecure and communicate username/password in plain text between the server and the client. You can solve this by installing a Secure FTP (SFTP) server, but the FTP server in IIS is not able to run SFTP. If you want to go for SFTP, you have several options: 1. wait for Longhorn Server, where IIS will have the SFTP functionality. 2. find a 3rd party product for your FTP server, which is able to run SFTP. I hope this answered your question. Regards Peter Schmidt www.iis-digest.com Show quoteHide quote "Pierre Bru" <Pierre.***@spotimage.fr> wrote in message news:udtpNqryGHA.4392@TK2MSFTNGP04.phx.gbl... > hi, > > my boss ask me if it is possible to authenticate on an IIS server using > Kerberos(?) instead of the usual username/password > > I'm not sure I understand what he means... :/ > could s/o help me ? > > TIA, > Pierre. FTPS and SFTP are two different beast all together...
FTPS works via SSL, while SFTP relies on secure shell technology. IIS FTP in v7 will offers FTPS. -- Show quoteHide quoteRegards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ "Peter Schmidt" <peter[AT]iis-digest[DOT]com> wrote in message news:e2Mnr9syGHA.3464@TK2MSFTNGP03.phx.gbl... > Hi Pierre > > I believe what you are asked is, if FTP authentication between client and > server, can use a more secure way of authentication like in Kerberous, > maybe even using Kerberous Auth. > No, that's not possible, the FTP protocol is unsecure and communicate > username/password in plain text between the server and the client. > > You can solve this by installing a Secure FTP (SFTP) server, but the FTP > server in IIS is not able to run SFTP. If you want to go for SFTP, you > have several options: > 1. wait for Longhorn Server, where IIS will have the SFTP functionality. > 2. find a 3rd party product for your FTP server, which is able to run > SFTP. > > I hope this answered your question. > > Regards > Peter Schmidt > www.iis-digest.com > > > "Pierre Bru" <Pierre.***@spotimage.fr> wrote in message > news:udtpNqryGHA.4392@TK2MSFTNGP04.phx.gbl... >> hi, >> >> my boss ask me if it is possible to authenticate on an IIS server using >> Kerberos(?) instead of the usual username/password >> >> I'm not sure I understand what he means... :/ >> could s/o help me ? >> >> TIA, >> Pierre. > > Bernard Cheah [MVP] wrote:
> FTPS and SFTP are two different beast all together... is FTPS the same as what unix people call kerberos ftp ? or maybe these> FTPS works via SSL, while SFTP relies on secure shell technology. > > IIS FTP in v7 will offers FTPS. so called kerberos ftp are either FTPS or FTPS server which validate the username/password against some kerberos server ? TIA, Pierre. I'm not sure. but I think that would be more towards FTP authentication,
rather than FTP+SSL implementation. -- Show quoteHide quoteRegards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ "Pierre Bru" <Pierre.***@spotimage.fr> wrote in message news:eXbubg0yGHA.5048@TK2MSFTNGP03.phx.gbl... > Bernard Cheah [MVP] wrote: >> FTPS and SFTP are two different beast all together... >> FTPS works via SSL, while SFTP relies on secure shell technology. >> >> IIS FTP in v7 will offers FTPS. > > is FTPS the same as what unix people call kerberos ftp ? or maybe these > so called kerberos ftp are either FTPS or FTPS server which validate the > username/password against some kerberos server ? > > TIA, > Pierre. 
Other interesting topics
IIS 6 Question: How to Publish from FrontPage 2003
Intranet Security How to set ADSL router for IIS + ADSL connection ? remove users from ftp site server certificate from cert service Multiple certificates on one website? lockdown tool for IIS 6.0 Should ADFS be implemented when... Security on inetpub/wwwroot IIS Newbie question |
|||||||||||||||||||||||
