Subject: Re: sysinst in 1.3k
To: Julian Coleman <J.D.Coleman@newcastle.ac.uk>
From: Alan Barrett <apb@iafrica.com>
List: current-users
Date: 03/18/1999 20:56:44
> Does your password contain ':', '@' or '/'?  IIRC, sysinst calls ftp as:
> 
> 	ftp ftp://username:password@host.domain/path/to/tarfile

sysinst should do %hex quoting of unsafe characters when it
invokes ftp, but it fails to do so.  See lines 339 to 340 of
distrib/utils/sysinst/net.c, where it calls run_prog without encoding
any of the potentially problematic variables.

ftp correctly interprets %hex encoding (see lines 1034 and 1035 of
usr.sbin/ftp/fetch.c, where it calls url_decode on the username and
password).

--apb (Alan Barrett)
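
The %hex quoting described in the message above, as an added example; it is not code from sysinst or ftp. The names url_encode (used here for an encoder) and build_ftp_url are hypothetical, the credentials are constructed sample values, and host and path are assumed to be valid URL components already.

```c
#include <stdio.h>
#include <string.h>

/* Percent-encode src into dst; only RFC 3986 unreserved characters pass
 * through, so ':', '@', '/' and '%' become %XX. Returns -1 if dst is too small. */
static int url_encode(const char *src, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789ABCDEF";
    static const char safe[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "abcdefghijklmnopqrstuvwxyz0123456789-._~";
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if (strchr(safe, c) != NULL) {
            if (o + 1 >= dstlen) return -1;   /* room for char + NUL */
            dst[o++] = (char)c;
        } else {
            if (o + 3 >= dstlen) return -1;   /* room for %XX + NUL */
            dst[o++] = '%';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0F];
        }
    }
    dst[o] = '\0';
    return 0;
}

/* Hypothetical helper: encode username and password before they are placed
 * in the userinfo part of the URL, so they cannot be read as delimiters. */
static int build_ftp_url(const char *user, const char *pass, const char *host,
                         const char *path, char *out, size_t outlen)
{
    char u[256], p[256];
    int n;
    if (url_encode(user, u, sizeof u) != 0 || url_encode(pass, p, sizeof p) != 0)
        return -1;
    n = snprintf(out, outlen, "ftp://%s:%s@%s/%s", u, p, host, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char url[1024];
    /* Constructed sample password containing ':', '@' and '/'. */
    if (build_ftp_url("julian", "p:a@s/s", "host.domain", "path/to/tarfile", url, sizeof url) == 0)
        puts(url);
    return 0;
}
```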