/etc/ftpd.cnf File Format for TCP/IP
Purpose
Specifies the configuration parameters of the ftpd daemon to start a transport layer security (TLS) session.
Description
The /etc/ftpd.cnf file is an ASCII file that contains configuration parameters of the ftpd daemon to set up a TLS session upon receiving a TLS request from an ftp client.
The /etc/ftpd.cnf file contains the following entries separated by spaces, tabs, or new lines:
| Item | Description |
|---|---|
| CRL_PATH | Specifies the path to the certificate-revocation-list file in privacy enhanced mail (PEM) format. If the CRL_PATH entry is specified, the digital certificate that the client provides is verified against the certificate revocation list. If the ftp client is not using a digital certificate, the connection fails. If the client provides a digital certificate, but the certificate has been revoked, the TLS session fails. If this parameter is not specified, the client does not have to provide a digital certificate. |
| CA_PATH | Specifies the path to the trusted certificate-authority file in PEM format. If the CA_PATH entry is specified, the client certificate is verified against the certificate authority. If the client does not provide a digital certificate, the connection fails. If the client provides a digital certificate, but the certificate authority has not signed the certificate, the TLS session fails. If this parameter is not specified, the client does not have to provide a digital certificate. |
| CIPHER_LIST | Specifies the list that is used during the TLS session. If it is not specified, a default cipher list is used. |
| DEPTH | Verify the certificate that the ftp client provides in the digital certificate hierarchy, if the CA_PATH configuration parameter has been specified. If the DEPTH entry is not provided, a default value of 9 is used. |
| CERTIFICATE | Specifies the path to a valid chain of digital-certificates files in PEM format. This entry must be specified to start a TLS session. If this entry is not specified, the ftpd server rejects all TLS requests. |
| CERTIFICATE_PRIVATE_KEY | Specifies the path to the certificate private key in PEM format. This entry must be specified to start a TLS session. If this entry is not specified, the ftpd server rejects all TLS requests. |
| DH_PARAMETERS_DIR | Specifies the path to a directory containing Diffie-Helman parameters in PEM format. More than one file can be included in this directory. The ftpd daemon searches for the appropriate parameter. |
Examples
The following is an example of an entry in the /etc/ftpd.cnf file:
CRL_PATH /crl.pem
CA_PATH /ca.pem
CIPHER_LIST ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
DEPTH 2
CERTIFICATE /cert.pem
CERTIFICATE_PRIVATE_KEY /privatekey.pem
DH_PARAMETERS_DIR /DH_DIR
Files
| Item | Description |
|---|---|
| /usr/samples/tcpip/ftpd.cnf | Sample ftpd.cnf file |