Disable GSSAPI when using an FTP client?

We have two HP-UX machines, both are B.11.31.

When I FTP from the HP-UX boxes to a remote IBM server,-

HP-UX 1:

Connected to xxxx.
220-FTPD1 IBM FTP CS V1R12 at R2, 12:24:39 on 2013-08-30.
220 Connection will close if idle for more than 15 minutes.
Name (xxxx:user): 

HP-UX 2:

Connected to xxxx.
220-FTPD1 IBM FTP CS V1R12 at R2, 12:25:02 on 2013-08-30.
220 Connection will close if idle for more than 15 minutes.
Trying GSSAPI...
GSSAPI rejected as security mechanism.
*** Using plaintext user and password ***
Name (xxxx:user):

inetsvcs_sec status shows: kerberos disabled (which is supposed to disable sis for FTP).

I can find no ftp client configuration files and I am not passing any options to ftp.

Q1: Why is one trying GSSAPI and the other not?
Q2: How do you disable the GSSAPI with ftp?

GSSAPI is an interface tool. It allows C code or java code to access disparate authentication systems using an identical methodology. It often runs against Kerberos.

I do not know definitely if there is a way to "turn off" something like this, but I do not believe you can. The cause is an underlying security setting for system #2. Are you using LDAP or Active Directory? Consider getting your AD folks to look at what the user account settings are with regard to the HPUX box. The authentication in your example did NOT fail, BTW.

1 Like

If we are not using LDAP or AD, just plain logins, where would that account setting likely be?

I looked in .profile and saw nothing.