Virtual Hosting on Solaris and NcFTPd
Ron McCarty
Out of the box, FTP on Solaris lacks two features necessary to enterprises
and service providers: dedicated user authentication and virtual hosting.
Many FTP daemons rely on giving the user a user account and a UNIX user id (UID)
on the system. Although a user account can be locked down by not providing a login
shell, the user account is still available as a UNIX ID and susceptible to security
hacks that rely on local user accounts. By separating authentication from
/etc/passwd and /etc/shadow, FTP becomes much more secure. In this article,
I'll describe virtual hosting on Solaris with NcFTPd.
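To see how many such shell-less accounts still hold local UIDs on a host, the passwd file can be audited. The script below is an added example, not part of the original article or of NcFTPd: it lists accounts whose shell is false or nologin and that are not named in the FTP deny file. The function names, the sample passwd and ftpusers contents, and the file paths passed in are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts that have no login shell but still hold a
# UNIX UID. Sample data below is constructed, not taken from a real host.

# write_sample DIR: create DIR/passwd and DIR/ftpusers (constructed data).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
cust1:x:2001:200:Customer 1:/export/ftp/cust1:/bin/false
cust2:x:2002:200:Customer 2:/export/ftp/cust2:/usr/bin/false
cust3:x:2003:200:Customer 3:/export/ftp/cust3:/sbin/nologin
EOF
    cat > "$1/ftpusers" <<'EOF'
# accounts denied FTP access
root
uucp
cust3
EOF
}

# ftp_only_accounts PASSWD FTPUSERS
# Prints "name uid home" for every account whose shell is false/nologin
# and which is NOT listed in the FTP deny file: candidate FTP-only users
# that still exist as local UIDs.
# (On Solaris, run the awk program with nawk or /usr/xpg4/bin/awk.)
ftp_only_accounts() {
    awk -F: '
        # First file: collect denied user names, skipping comments/blanks.
        FILENAME == ARGV[1] { if ($0 !~ /^#/ && $1 != "") deny[$1] = 1; next }
        # Second file: passwd entries with a non-interactive shell.
        $7 ~ /(^|\/)(false|nologin)$/ && !($1 in deny) { print $1, $3, $6 }
    ' "$2" "$1"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
ftp_only_accounts "$demo_dir/passwd" "$demo_dir/ftpusers"
rm -rf "$demo_dir"
```

Each name it prints is an account that could be retired once FTP authentication no longer depends on /etc/passwd and /etc/shadow.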
Virtual Hosting
Virtual hosting became quite popular on the Internet through service providers providing mail and Web services. A service provider cannot dedicate a real server to Web and mail servers for customers just wanting basic Web and mail functionality. Therefore, virtual services are added. For email, virtual hosts are not required, because there is no requirement that a domain's mail exchange (MX) record point to a host within the same domain.
For example, Sys Admin's MX records point to gw.ddj.com:
# dig samag.com. mx
; <<>> DiG 9.2.0 <<>> samag.com. mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8517
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;samag.com. IN MX
;; ANSWER SECTION:
samag.com. 259200 IN MX 10 gw.ddj.com.
;; AUTHORITY SECTION:
samag.com. 259200 IN NS gw.ddj.com.
samag.com. 259200 IN NS ads.ddj.com.
;; Query time: 345 msec
;; SERVER: 192.168.1.252#53(192.168.1.252)
;; WHEN: Sun Jul 21 19:48:22 2002
;; MSG SIZE rcvd: 82
Many domains can point to the same mail exchanger, and the mail exchanger
can use the destination address to determine how to route the email: locally,
by rewriting addresses, or by further routing.