Why am I doing undesired SSL authentication? - Protocols

This is a discussion on Why am I doing undesired SSL authentication? - Protocols ; In May, greatly due to this group's influence, I developed an application on a SUSE 8 platform using the FTP client built in Kermit 7. This app's only viable method for logging in to a remote server is with a ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Why am I doing undesired SSL authentication?

  1. Why am I doing undesired SSL authentication?

    In May, greatly due to this group's influence, I developed an
    application on a SUSE 8 platform using the FTP client built in Kermit
    7. This app's only viable method for logging in to a remote server is
    with a userid and password, i.e. no SSL, Kerberos, etc.. It worked very
    well.

    We recently switched to a new server which included upgrading from SUSE
    8 to SUSE 9 and from cKermit 7 to cKermit 8. After this switch, Kermit
    now tries to perform SSL authentication before each session which fails
    because we do not (and never will) have this set up with the servers to
    which we are connecting.

    Kermit docs show that it bases its default authentication settings on
    which libraries exist when it is installed. From this and our new
    attempts at SSL authentication, it seems some SSL library(ies) exist on
    our new server that were not on our old server which cause Kermit to
    always attempt SSL authentication by default. I have turned this off
    and restored our app to its former successful functioning by issuing a
    "SET FTP AUTOAUTHENTICATION OFF" before we execute an FTP OPEN. Our sys
    admin states nothing changed in the installations of Kermit on our
    servers.

    My questions are:
    1. Does my analysis seem correct?
    2. Is "SET FTP AUTOAUTHENTICATION OFF" the right (and/or only) way to
    stop Kermit from performing SSL authentication by default (without
    removing libraries or modifying make files)?
    3. How do I identify the library(ies) which, by their existence, cause
    Kermit to default to performing SSL authentication?
    4. Since no known library changes were made during our upgrade, how
    should we have known about this prior to upgrading?
    3. Has anyone else found this to be an issue?

    Thank you.
    Joe


  2. Re: Why am I doing undesired SSL authentication?

    On 2005-10-31, joe.powell@lmco.com wrote:
    : In May, greatly due to this group's influence, I developed an
    : application on a SUSE 8 platform using the FTP client built in Kermit
    : 7. This app's only viable method for logging in to a remote server is
    : with a userid and password, i.e. no SSL, Kerberos, etc.. It worked very
    : well.
    :
    : We recently switched to a new server which included upgrading from SUSE
    : 8 to SUSE 9 and from cKermit 7 to cKermit 8. After this switch, Kermit
    : now tries to perform SSL authentication before each session which fails
    : because we do not (and never will) have this set up with the servers to
    : which we are connecting.
    :
    : Kermit docs show that it bases its default authentication settings on
    : which libraries exist when it is installed.
    :
    Not exactly. C-Kermit can be built with or without support for various
    security methods, including SSL, Kerberos, etc. If you build it yourself
    you can control which options are included. For example, "make linux"
    builds it with no security at all, in which case it will never try to
    make a secure connection (except SSH, for which it uses the external
    ssh client, but only if you tell it to make an SSH connection).

    : From this and our new
    : attempts at SSL authentication, it seems some SSL library(ies) exist on
    : our new server that were not on our old server which cause Kermit to
    : always attempt SSL authentication by default. I have turned this off
    : and restored our app to its former successful functioning by issuing a
    : "SET FTP AUTOAUTHENTICATION OFF" before we execute an FTP OPEN. Our sys
    : admin states nothing changed in the installations of Kermit on our
    : servers.
    :
    Of course if you have a verion of C-Kermit with security features included,
    you can use commands such as the one you mentioned to control their behavior
    or disable them altogether.

    - Frank

+ Reply to Thread