-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 23 May 2002 18:05:16 -0400, Lists wrote:
>I'm looking for a "secure" way to automatically create FTP accounts on a >FTP server in the DMZ from an internal server. > >Here's the scenario: > >Client has multiple customers (hundreds) and would like to have the >ability for their customers to be able to upload/download files from >their FTP server. They envision an internal employee (primary client >contacts, non technical) going to an internal web server interface and >keying in a username and password. They would like this to kick off a >creation of a user on the FTP server with a home directory being created >for the user will full rights to the directory. Furthermore they would >like this account to be active for "X" days before expiring with the >optional ability to delete the entire directory automatically. > >Anyone ever run across something like this? look into pure-ftpd with the mysql/ldap backend.. then you can put a simple php interface on top of the mysql db. that's it. php can verify the user by ip,password,certificate etc.. HTTPS is adviseable as well. > >Platform is not important, can be a UNIX or NT based FTP server. This >request has obvious security issues but if you knew the client you'd >agree this is the least of their worries. it is. this would be a screaming horror under NT with IIS.. IMHO Stefan Osterlitz PGP Public Key Fingerprint: 8A9C BC27 6D98 E447 09E8 F78B 7527 21C6 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPPHTGXUnIcbqP8k9EQKFtQCgiNZyuTdnb1HUPtfjsYaW7K4y22EAn1H0 a3tAdtC2DVwmPXIV3IR0qEoD =6wbc -----END PGP SIGNATURE-----
