Unfortunately, the answer is server dependant. In both Unix and NT/2000 you
can script actions that can be triggered via a web interface.
With NT, you could simple use IIS, NT's integrated accounts, WMI, and ASP.
However, this would require you to take security precautions to make sure
the rights are assigned properly. Still this could be very simple.
With Unix, it will depend on what FTP, and Web services you're using. Also,
if you want to use local accounts to the server, or if they are associated
with the independent services. The specific answer does depend on what your
using.
The general is this:
1. Have a web page that is only accessible to the internal network
using IP restrictions.
2. Further, have that web page reject any anonymous access and
require some form of authentication; preferably over SSL.
3. Upon accurate authentication of user with appropriate rights, have
the Web Page be a form where they enter in the information.
4. Upon validation of the web page information, execute a script or
program that makes the appropriate changes:
a. Create the account
b. Create the directory
c. Set the expiration point
d. Add the removal of the directory (and the disabling of the
account) to a job listing.
5. Have a scheduled job (perhaps once a day) that reviews the job
listing and removes the directory and disables the account at the
appropriate time.
If you want to get more specific, you'll need to know the interface of your
application and operating system.
-K
----- Original Message -----
From: "Lists" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 23, 2002 5:05 PM
Subject: Automatic FTP account creation
> I'm looking for a "secure" way to automatically create FTP accounts on a
> FTP server in the DMZ from an internal server.
>
> Here's the scenario:
>
> Client has multiple customers (hundreds) and would like to have the
> ability for their customers to be able to upload/download files from
> their FTP server. They envision an internal employee (primary client
> contacts, non technical) going to an internal web server interface and
> keying in a username and password. They would like this to kick off a
> creation of a user on the FTP server with a home directory being created
> for the user will full rights to the directory. Furthermore they would
> like this account to be active for "X" days before expiring with the
> optional ability to delete the entire directory automatically.
>
> Anyone ever run across something like this?
>
> Platform is not important, can be a UNIX or NT based FTP server. This
> request has obvious security issues but if you knew the client you'd
> agree this is the least of their worries.
>
> Thanks in advance.
>
>
