Working with external software
Zlib
This software allows BBFTP to compress/uncompress data on-the-fly.
It can be downloaded at http://www.gzip.org/zlib. The recommended version is 1.1.4 which fixes a potential security problem.
This library is optional for both client and server.
The default behavior of the BBFTP build process is to search Zlib automatically.
OpenSSL
This software allows BBFTP to encrypt user connection details (user name + password) when using the standard authentication method.
It can be downloaded at http://www.openssl.org.
This library is optional for BBFTP client. It is mandatory for BBFTP server except in certificates mode (The Globus Toolkit includes it).
The default behavior of the BBFTP build process is to search OpenSSL automatically.
Globus Toolkit 2
This software allows BBFTP to use certificates as authentication mode.
The Globus Toolkit 2.0 or 2.2 is divided into several components.
The one needed by BBFTP is GSI (Grid Security Infrastructure) which is included in the Information Service SDK Bundle.
This bundle can be downloaded at http://www.globus.org/toolkit/download.
Theses libraries are mandatory when using certificates.
If BBFTP is built in certificate mode, the default behavior of the build process is to search GSI automatically, else GSI is not included in the build process.
AFS
BBFTP is interfaced with AFS so that password entered in standard
authentication mode is handled by AFS.
By default, AFS is not included in the build process.
RFIO
This software allows BBFTP to access files directly from the
hierarchical storage systems HPSS or Castor.
RFIO64 is also supported.
The default behavior of the BBFTP build process is to search RFIO automatically.
Using bbFTP with a certificate
External software required (on both client and server hosts)
- GSI (Grid Security Infrastructure) from the Globus 2 Toolkit (2.0 or 2.2)
Refer to the Working with external software section.
System requirements
- The certificate mode has been tested for Linux intel and Solaris only
Certificates
2 certificates needed:
- A host certificate or a user certificate on the BBFTP server host.
- A user certificate on the BBFTP client host.
Build process
For both client and server, use the --enable-authentication=certificates
option for the configure
script.
See the installation sections for the client
and for the server.
Running the BBFTPD daemon
Before starting the daemon, some environment variables can be set to override default values
for certificates paths, mapfile location... If you use the --with-x509...
options of the configure
script,
these variables will be automatically set.
Refer to the Globus documentation for more details.
Run the daemon "bbftpd -b"
If you use a host certificate, you must be root
to start the daemon. The CN field of the certificate must be the full name of the host (i.e. host.domain). If it is something else (for example a service name), it must be specified by the client with the -g
option.
If you want to start your own daemon, you must use another certificate (a host certificate you can read or your own certificate). In this case, only you can use the bbftp client against this server, and you will have to use the -g
option (see BBFTP Client man page).
Running the client
Before running the client, you must create a temporary proxy using the grid-proxy-init
command.
Run the client "bbftp -e<command_list>|-i<control_file> <remote_host>"
Please, note that the -u
option is not used in the certificate authentication mode. If you use it, BBFTP will use the standard authentication mode.
More information
Additionnal information can be found on the GLOBUS web site
Implementing a private authentication module
Starting with release 2.1.0 it is possible to implement a private authentication
mechanism without. The private authentication mode disables all the other authentication
modes (standard, ssh and certificates).
On the client side
Write your authentication code in the file bbftp/bbftp_private_user.c
.
-
extern char *username;
This variable contains the username given on the command line (-u option).
-
extern char *privatestr;
This variable contains the string given on the command line with the -P option (or NULL if not used).
-
int bbftp_private_getargs(char *logmessage)
This routine is called at the begining of the login sequence (just
before setting the process in background if needed) in order
to allow the programmer to set variables or to request input from
the user.
The return code and the variables are explained in the file.
After having called this routine the main program will exchange
RSA keys with the server in order to crypt all messages sent
during the authentication procedure. Then the hand will be given
to the next routine :
int bbftp_private_auth(char *logmessage)
This routine will allow the user exchange data between the client
and the server. For that it will use two routines bbftp_private_recv
and bbftp_private_send
whose descriptions are given in the
bbftp_private_user.c
file.
When all this data exchange has ended, the routine will return to
main code with a return code of 0 in case of success or with a return
code of -1 and the string logmessage
filled in case of error.
On the server side
Write your authentication code in the file bbftpd/bbftpd_private_user.c
.
extern char currentusername[MAXLEN];
It has to be filled by the bbftpd_private_auth
routine.
-
int bbftpd_private_auth(char *logmessage)
As on the client side, this routine will exchange data using
bbftpd_private_send
and bbftpd_private_recv
routines
(whose decriptions are given in the bbftpd_private_user.c
file),
do all checks needed and return 0 in case of success or -1 and the string
logmessage
filled in case of error.
Building BBFTP with a private authentication module
On the client side
In the bbftpc directory, run
% ./configure --enable-authentication=private
Then run:
% make
Then run:
% make install
On the server side
In the bbftpd directory, run
% ./configure --enable-authentication=private
Then run:
% make
Then run:
% make install
See the installation pages for the client
and for the server for more information about the BBFTP build process.