I don't know many things about client certificates. I'm sure there's a way to secure them even if they're stored on some usb stick. Could you enlighten me ?
On another side, how will it work with other ftp daemons ?
Talking about companies that want to restrict the access to their ftp servers, there should still be an ip/host based access control like what we currently have with Host.Rules. Again, could you confirm this darkone ? I must also agree with the fact that ident might be "fun" but is very easy to fake nowadays.
Since tcl will still be there, adding a script to check the ident@host of the user on connect will only take a few lines of code. It will even bring the ability to add advanced regular expressions support or other kind of comparisons you might think of.
|