Security Behavior
Use this panel to customize the security behavior.
Before you begin, you should understand:
- Most of the settings on this panel apply to both the Transport Security Layer (TLS) protocol
and to the Kerberos protocol.
- Most of the settings on the panel apply both when configuring an FTP client and when configuring an FTP server.
- If you are configuring a client, you have already indicated the client will use either the TLS or Kerberos security
mechanism.
- If you are configuring a server, you have already indicated the server should be enabled for TLS, Kerberos, or both.
- The resulting behavior of the settings on this panel differs based both on the security protocol and whether the
setting is for a client or a server.
- The resulting behavior of each setting is described in the detail helps and IBM recommends reading them before making
your selections.
Steps
- If you require FTP sessions to use a security protocol, check the box "Clients must use secure connections".
- If you require client certificate authorization,
check the box "Require client certificate authentication". In addition to client certificate authentication:
- If you require additional verification of the user ID, check the box "Verify client user ID".
- If you want to use the client certificate authentication to eliminate the need for clients to specify a password when
logging in, check the box "Do not prompt for a password". This setting is only applicable if you indicated
to enable the server for the TLS protocol and has no effect on Kerberos protocol behavior.
These settings are available only when configuring a server and do not apply when configuring a client.
- Select the data connection security level.
- Select the control connection security level. This setting is available only if you indicated to use the Kerberos
protocol and has no effect if using TLS.
You have completed this panel after making your security protocol required selection, your client certificate
authentication selection, your data connection security level selection,
and your control connection security level selection.
You can find more detailed help on the following elements of this window:
Security protocol required (SECURE_FTP)
Client certificate authentication (SECURE_LOGIN, SECURE_PASSWORD) (only
available for FTP servers)
Data connection security level (SECURE_DATACONN)
Control connection security level (SECURE_CTRLCONN) (only available
for Kerberos)