Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!UTAH-CS.ARPA!cetron%utah-ced
From: cetron%utah-ced@UTAH-CS.ARPA.UUCP
Newsgroups: mod.computers.vax
Subject: Re: Excelan TCP/IP
Message-ID: <8701211621.AA24413@utah-ced.ARPA>
Date: Wed, 21-Jan-87 11:21:18 EST
Article-I.D.: utah-ced.8701211621.AA24413
Posted: Wed Jan 21 11:21:18 1987
Date-Received: Wed, 21-Jan-87 20:32:18 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 17
Approved: info-vax@sri-kl.arpa

I found the best approach (which is being implemented in the tek tcp/ip by Kevin Carosso) is to use the digital supplied "please validate this user/password" routine - loginout. If the initial FTP server simply starts up, establishes the connection and then spawns loginout to create the FTP control process, waits to establish that it successfully completed, then passes the tcp/ip connection over to the FULLY VALIDATED (or at least as well as any other interactive process on the machine :-) process and exits....

another line of defense would be to also use loginout to create the data process and let vms right away verify whether the user has access to data, not just the system....this would allow full protection based on uic as well as (if done right) special ACL's to allow/disallow ftp access.

-ed cetron
center for engineering design
Univ of Utah
cetron%utah-ced@utah-cs.arpa
cetron@utahcca.bitnet