Password management (SPASSWD)

This section describes how to configure access management when not using Central Governance.

This section describes how to implement three different types of password management. For each of these methods, an example is provided that shows the server side configuration and an example user command from the client side. These management types are:

About RPASSWD and SPASSWD

In addition to RUSER or SUSER, you can provide a password in the RPASSWD/SPASSWD fields to have user authentication, the same as users had if previously using FTP/SSH.

RPASSWD and SPASSWD can be provided directly as mypassw123, through an external flat file such as @fname,or using another system. Other system types include:

  • Operating System User Management
  • Transfer CFT UI User Access Base (xfbadm)
  • Access Management System (PassPort AM, AM exit)

See Unified configuration Access Management for details on defining the authentication method using the keyword _AUTH_ and uconf:cft.server.authentication_method parameters.

Static passwords

Sending a file to the server

Server: static configuration

CFTRECV

id=idf01,

ruser=username01,

rpasswd=password01

Client: user command

SEND part=server, idf=idf0, ruser=username01, rpasswd=password01

Receiving a file from the server

Server: static configuration

CFTSEND

id=idf01,

imply=yes,

fname=file01,

suser=username01,

spasswd=password01

Client: user command  

RECV part=server, idf=idf01, suser=username01, spasswd=password01

External flat files

The file containing the passwords must have the format:

partner01 username01 password01

partner01 username02 password02

* username01 password03

* * password04

Sending a file to the server

Server: static configuration

Unix

CFTRECV

id=idf01,

rpasswd=@passwfile

Windows

Windows

CFTRECV

id=idf01,

rpasswd=#passwfile

Client: user command

SEND part=server, idf=idf01, ruser=username01, rpasswd=password01

Receiving a file from the server

Server: static configuration

Unix

CFTSEND

id=idf01,

imply=yes,

fname=file01,

spasswd=@passwfile

Windows

CFTSEND

id=idf01,

imply=yes,

fname=file01,

spasswd=#passwfile

Client: user command

RECV part=server, idf=idf01, suser=username01, spasswd=password01

System level authentication

In addition to RPASSWD and SPASSWD you must specified the authentication method (uconf:cft.server.authentication_method) to use.

The supported authentication methods are:

Authentication method copilot.restapi.authentication_method Details
Operating System system

The user/password is checked against the operating system.

Note We strongly recommend that you set copilot.misc.createprocessasuser=yes when using the system option.

On Unix, you must use cftsu to create users. Refer to Using system users UNIX for detailed instructions.

Access Management am

This methods uses an indirection towards the Access Management system. The user/password is checked by the configured access management system: Central Governance (PassPort AM), or internal AM.

xfbadm database

(UNIX only)

xfbadm

The user/password is checked using the xfbadm base (see the xfbadmusr and xfbadmgrp utilities).

REST API server authentication method

Sending a file to the server

Server: static configuration

CFTRECV

id=idf01,

rpasswd=_AUTH_

Client: user command

SEND part=server, idf= idf01, ruser=username01, rpasswd=password01

In this case username01/password01 is compared with what is defined in uconf: cft.server.authentication_method as the system.

Receiving a file from the server

Server: static configuration

CFTSEND

id=idf01,

imply=yes,

fname=file01,

spasswd=_AUTH_

Client: user command

RECV part=server, idf= idf01, suser=username01, spasswd=password01

In this case username01/password01 is compared with what is defined in uconf: cft.server.authentication_method as the system.

Related Links