The generic security service (GSS) can be used by Kerberos network applications for authentication, integrity, and privacy. The following steps show how to enable the GSS service for ProFTPD.
Before You Begin
You must assume the root role on the FTP server. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
These steps might not be needed if the changes were made earlier.
ftpserver1 # /usr/sbin/kadmin -p kws/admin Enter password: xxxxxxxx kadmin:
kadmin: addprinc -randkey ftp/ftpserver1.example.com
A new keytab file makes this information available to the ftp service without exposing all of the information in the server's keytab file.
kadmin: ktadd -k /etc/krb5/ftp.keytab ftp/ftpserver1.example.com
For more information, see the ktadd command in the kadmin(1M) man page.
ftpserver1 # chown ftp:ftp /etc/krb5/ftp.keytab
Make the following changes to the /etc/proftpd.conf file.
# pfedit /etc/proftpd.conf LoadModule mod_gss.c GSSEngine on GSSKeytab /etc/krb5/ftp.keytab
# svcadm restart network/ftp