KTFTP: a secure file transfer utility
Obtaining KTFTP
What KTFTP is
KTFTP is a CMU-grown simple file transfer utility for transferring
secure data between server machines. It is based on the 4.3 BSD
tftp, and inherits all of its functionality. This document will only
detail differences between ktftp and regular tftp.
Summary of Differences
KTFTP does not work on a file basis; rather, operations are done on
tags, which are mapped by the KTFTP server to a file on the remote
machine. This is done for data abstraction purposes, and so that
knowledge of the motion of log files and related types of data on
the remote machine does not have to be propagated excessively
throughout other system components. Each tag has associated with it
a '~' holder which is referenced as tagname~ (for instance, the tag
"foo" would have ~ holder "foo~"). See the push and delete commands
below for the use of this. The mental picture is that of a backup
file.
Additionally, all tags have access control lists associated with
them. The Kerberos identity of the user running ktftp is used for
these. Unlike normal tftp, if a user is on an ACL for a tag, the
only time an operation will be denied is if root on the server
machine cannot reasonably perform the operation. In particular,
read/write bits on the file are irrelavent and file existance is not
neccesary for the put operation. The ~ holder has exactly the same
rights as the normal tag.
Two new commands are avaliable in KTFTP, and are in place explicitly
to support moving log files and similar types of data off of server
machines. These are:
- push
- moves the files in the named tags to their ~
holder. This is done atomically through a
rename(2) on the remote server
- delete
- deletes the file associated with the named tags
These commands can be put together as follows for reliable transfer
of data:
ktftp push machine:tag
ktftp get machine:tag~
ktftp delete machine:tag~
As this implies, a single command can be placed on the command line
for non-interactive operation. Exit codes can be used to detect
errors:
-
- -1
- a local error, error message printed
- 0
- successful operation
- 1
- EUNDEF, associated with a UNIX error on the
remote machine, error message
printed.
- 2
- ENOTFOUND, file associated with tag not found
- 3
- EACCESS, access violation
- 4
- ENOSPACE, disk full or allocation exceeded
- 5
- EBADOP, illegal KTFTP operation
- 6
- EBADID, unknown transfer ID
- 7
- EEXISTS, file already exists
- 8
- ENOUSER, no such user
- 9
- ETIMEOUT, transfer timed out
EBADID, EEXISTS and ENOUSER are not currently used in KTFTP. EBADOP
is indicative of packet corruption or catastrophic program error.
So that ktftp may be used as a pipe, the local filename "-" may be
used to stand for standard input / standard output.
Lastly, so KTFTP can be used for security purposes, all data being
transferred is encrypted.
Program Author
Dan Lovinger, CMU Computing Services
Support Contact
Derrick Brashear (shadow+@andrew.cmu.edu), CMU Computing Services
Obtaining KTFTP
Export of this software from the United States of America may
require a specific license from the United States Government.
The KTFTP distribution