SunScreen 3.1 Administration Guide

Proxy Users and Authentication

The proxy users database depends on information in the authorized users database. You must define a user first in the Authorized User area in the Policy Rules page. Proxy users are used in FTP and Telnet proxy rules. You have to create entries for both authorized users and proxy users to take full advantage of the user authentication feature of the FTP and Telnet proxies.

The proxy user database contains the mapping information for users of SunScreen proxies. FTP and Telnet rules reference the proxy user entries. Additionally, a user connecting through either of these proxies will often be configured to require authentication by using an authorized user identity. Users logging in using a Telnet proxy are authenticated through the authorized user identity.

You can also use external authentication mechanisms (such as RADIUS or SecurID) to enable user authentication by using special proxy user entries, which create a translation.

By referencing these special mechanisms directly in rules or by adding references to other proxy user groups, you can allow users authenticated by those mechanisms to behave as authenticated users in the referenced contexts.

Names of proxy users must not contain the following characters: !, @, #, $, %, ^, &, *, {, }, [, ], <, >, ", `, \, or ?. They also must not contain a "NULL" character.

To Add an Authorized User
  1. Select Authorized User from the Type choice list.

  2. Select New... from the Add New button.

    The User dialog window appears.

    Figure 7-3 User Dialog Window


  3. Type the user name in the User Name field.

  4. (Optional) Type a description in the Description field.

  5. Click the User Enabled button.

  6. Define the authorization method by either assigning a password or choosing a SecurID name.

    1. (Assign Password) Type a password in the Password field.

      If you do this step, you also need to retype the password to confirm it.

    2. (SecurID name) Type a SecurID name in the SecurID field.

  7. Check the Enabled check box.

  8. (Optional) Type a name in the Real Name field.

  9. (Optional) Type an email address in the Contact Information field.

  10. Repeat the above steps until you have added all the authorized users.

  11. Click the OK button. All changes apply immediately.

To Add a Single Proxy User
  1. Select Proxy User from the Type choice list.

  2. Select New Single... from the Add New button.

    The Proxy User dialog window is displayed.

    Figure 7-4 Proxy User Dialog Window


  3. Type a name for this Proxy User in the Name field.

  4. (Optional) Type a description in the Description field.

  5. Check the User Enabled box.

    If this box is not checked, the proxy user becomes inactive and can no longer use the proxies.

  6. Click and highlight the name of the authorized user that you want to place in the Authorized User Name field.

  7. (Optional) Click and highlight the name or names of the user group or groups with which you want to associate this proxy user.

  8. Type the name that the proxy user should use when connecting to the target server (which is also known as the backend server) in the Backend User Name field.

    This name will be the identity the proxy user assumes on any target server connected through this proxy user.

  9. Click the OK button.

  10. Repeat the above steps until you have added all the proxy users.

All changes apply immediately.

To Add a Proxy User Group

You can group proxy users into logical groups for convenience; then you can use a group instead of single names in a policy rule.

  1. Select Proxy User from the Type choice list.

  2. Select New Group... from the Add New choice list.

    The Proxy User dialog window appears.

    Figure 7-5 Proxy User Dialog Window


  3. Type the name for this group of proxy users in the Name field.

  4. (Optional) Type a short description of this definition in the Description field.

  5. Click the User Enabled box to enable the user group.

  6. Click and highlight the name of the proxy user or group of proxy users in the list of Proxy Users that you want to include in this group of Member Users.

  7. Click the Add button to move it to the Member Users list.

    Similarly, you can remove proxy users and lists of groups of proxy users from the Member Users list by clicking and highlighting the name and clicking the Remove button.

  8. Do this for all the proxy users and groups of proxy users that you wish to include in your definition.

  9. Click the OK button.

  10. Repeat the above steps until you have defined all the groups of users required.
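The following added example (not SunScreen code or a SunScreen file format) audits the three kinds of entries created above for the dependencies this section describes: proxy user names free of the forbidden characters, every proxy user mapped to a defined authorized user, and groups whose nested members all resolve. The dictionary layout, the entry names and the decision to flag a disabled authorized user are assumptions made for illustration.

```python
# Added example: the dict layout and every name below are constructed sample
# data for illustration; this is not SunScreen's storage or export format.
FORBIDDEN = set('!@#$%^&*{}[]<>"`\\?\x00')  # characters listed in this guide, plus NUL

AUTHORIZED = {"alice": {"enabled": True}, "bob": {"enabled": False}}
PROXY_USERS = {
    "alice-ftp": {"enabled": True, "auth_user": "alice", "backend": "ftpuser"},
    "bob-telnet": {"enabled": True, "auth_user": "bob", "backend": "bob"},
    "carol?": {"enabled": True, "auth_user": "carol", "backend": "carol"},
}
GROUPS = {
    "ftp-admins": ["alice-ftp", "ops"],
    "ops": ["bob-telnet", "ftp-admins", "ghost"],
}

def bad_chars(name):  # forbidden characters present in a name, sorted
    return sorted(FORBIDDEN & set(name))

def expand(group, groups, path=()):
    """Flatten a group to single member names; report cycles along the current path."""
    path += (group,)
    users, problems = set(), []
    for member in groups[group]:
        if member in path:
            problems.append(f"group cycle: {group} -> {member}")
        elif member in groups:
            sub_users, sub_problems = expand(member, groups, path)
            users |= sub_users
            problems += sub_problems
        else:
            users.add(member)
    return users, problems

def audit(authorized, proxy_users, groups):
    findings = []
    for name, entry in proxy_users.items():
        if bad_chars(name):
            findings.append(f"{name}: forbidden characters {bad_chars(name)}")
        auth = authorized.get(entry["auth_user"])
        if auth is None:
            findings.append(f"{name}: authorized user {entry['auth_user']!r} is not defined")
        elif entry["enabled"] and not auth["enabled"]:
            findings.append(f"{name}: authorized user {entry['auth_user']!r} is disabled")
    for group in groups:
        users, problems = expand(group, groups)
        findings += problems
        findings += [f"{group}: member {u!r} is not a defined proxy user"
                     for u in sorted(users - set(proxy_users))]
    return findings
```

Calling `audit(AUTHORIZED, PROXY_USERS, GROUPS)` returns one string per inconsistency; an empty list means every proxy user and group resolves cleanly.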

To Add Spam Domains

You can define the domains from which you believe you receive spam mail.

  1. Select Screen from the Type choice list.

  2. Select New... from the Add New choice list.

    The Screen dialog window appears.

  3. Type a name in the Name field.

  4. (Optional) Type a brief description in the Description field.

  5. Click the Mail Proxy tab.

    The Spam Domain list appears.

    Figure 7-6 Screen Dialog Window, Mail Proxy Tab


  6. Click on the name you want to add to the Spam Domain list.

  7. Click the Add button.

  8. Click the OK button.

  9. Repeat these steps until you have added all the domains from which you receive spam mail.

To Delete Spam Domains
  1. Select the rule in the Policy Rules area.

  2. Click the Search button.

  3. Select the Spam domain from the Results field.

  4. Click the Edit... button.

    The Screen dialog window appears.

  5. Click the Mail Proxy tab.

  6. Select and highlight the Spam domain to be deleted in the Spam Domains field.

  7. Click the Delete button.

  8. Click the OK button.

All changes apply immediately.