Changes for Uploading and Downloading Files via FTP to www.upenn.edu
October 2002
This site can be used as a resource for quickly locating information about
PennKey, Kerberos and changes you'll need to make on October 14th 2002 to
upload and download files via FTP to your websites on Penn's web server
(www.upenn.edu).
- The who, what and why
of Kerberos authentication on Penn's Web server.
- I'm confused, will I need to
change the way I upload and download files to all the FTP servers I use
or only to WWW?
- How can I prepare for this change?
- How to use Kerberos Ticket Manager.
- How to download Kerberos Ticket Manager.
- How to download Kerberos-compliant FTP software.
- How to configure Kerberos-compliant FTP software
on October 14th.
- Where can I find information
about the University of Washington FTP proxy for Kerberos?
(Dreamweaver for Windows only)
- I'm not on campus or I'm behind a router or firewall
and I'm having trouble getting tickets or connecting to the server.
I'm confused, do I need to change the
way I upload and download files to all the FTP servers I use or only to
WWW?
FTP servers (along with servers running POP, IMAP and other protocols)
were required to comply with the Critical
Host policy by October 14, 2002. This means server administrators must
now provide a secure way for users to authenticate to their server. Client
use via secure channels will not be mandatory until some future date. With
that in mind, FTP, POP, IMAP and telnet clients can login using both secure
and insecure methods until at least January 1, 2003.
However, organizations that operate critical servers can make secure login
mandatory on their servers at any time prior to the date mandated by the
Critical Host policy. For example, your school or center may decide that
you must securely connect to its FTP servers beginning on some date prior
to the campus-wide mandatory date.
www.upenn.edu now authenticates directly against the new PennKey authentication
system. Because of that, there is a risk of compromising the central authentication
server if ISC permits web content providers to authenticate to www.upenn.edu
in an insecure way. With that in mind, ISC began requiring secure (kerberized)
authentication for the www.upenn.edu server beginning on the date of the
cutover (10/14/02).
This change does not yet affect other FTP servers that are run by ISC Networking
& Telecommunications. For example, pobox.upenn.edu already offers kerberized
services (including FTP), but will continue to accept less secure methods
of login until an as yet undertermined future date.
Check with your system administrator to determine when authentication changes
are planned for other servers you access.
Return to Menu
How can I adjust to this change?
ISC has prepared a chart that may be useful in understanding
how security changes on WWW impact the way Windows
and Macintosh users manage and exchange
files with Penn's web server.
Return to Menu
How to use Kerberos Ticket Manager
How to download Kerberos Ticket
Manager
How to download Kerberos-compliant
FTP software
How to configure Kerberos-compliant
FTP software
I'm not on campus or I'm behind
a router or firewall and I'm having trouble getting tickets or connecting
to the server.
penn web developers
|
