7/1 - Secure Services Meeting Notes **AI - Nathan will update Corporate Time Calendar to indicate continuing weekly meetings on Mon 2:30-3:30 in the 4545 basement conf room. ---------------------------------------------------------------- old biz: FastTrans - was behavior changed over the weekend ? Mark has received a few calls about plain text telnet going away. Users were receiving a banner message indicating service would change on 20th, so they may have thought the change occurred and they weren't affected. This host should also be listed in the UWICK if possible. There was some indication that which hosts are/aren't provided by uwick may need review. Another option would be to provide web help telling a user how to setup these additional shortcuts which the basic uwick doesn't provide. ---------------------------------------------------------------- New Biz - FTP: anonymous ftp ftp.u, ftp.cac, redhat.cac - since they only accept anonymous, no change should be needed. we should clearly identify anonymous ftp and these services as 'exceptions' when announcing changes about ftp. user ftp: need clients and protocols chosen and tested by Aug 1 aug 1 = UWICK release date. oct 1 is beginning of fall quarter ssh / sftp v3 - needs to be tested. (may need to install and test ssh v3 on servers..initial tests will let us know). **AI - Ryan / Client Services will try initial testing and involve more people if it passes the initial tests. secure fetch 3.5 - just coming out. **AI - Mark will continue to test it. Q - will mac be able to ftp onto vitcos (kftp)? ask Harold. We think it may possibly work now. Dreamweaver crowd will need to change tools unless webdav can be made to work. secure ftp raises bar for minimal usable hw, so we will possibly lose more folks (this is expected) webdav is enabled on fac/staff/depts web servers. may not be great solution in current form. current setup uses apache htaccess names/passwords over ssl and basic auth. whatever the solution (webdav/sftp), we don't think we'll have a solution by start of fall quarter for web developers. need to talk to Catalyst and make sure they are onboard with changes we are planning. Perhaps they are ok with just being ask to use sftp ? idea: could use a separate host for plain ftp only to public_html folder and tighten all others? would be preferable to change all ftps together. Donn will make a homer02.u and a dante02.u in final state if required ** AI - investigate options for 2/3 weeks then create ftp changeover schedule. standard MIT ftp release broken. requires channel binding on ftpd, which need to be disabled. Donn will check with MIT about this. With server side changes, gss nat sessions now work on mac!!