Proxy User Authentication

The FTP and telnet proxies of SunScreen EFS 3.0 provide the ability to restrict access to users who can verify their authenticity.

User authentication mechanisms of SunScreen EFS 3.0 are described in detail in a subsequent major section "User Authentication." In this section, the discussion is prefaced by notes that pertain especially to how these user mechanisms are employed by the proxies.

The goals of user authentication within a proxy are to:

• Establish the authenticity of a Proxy User

• Locate a rule that references that authenticated Proxy User

A side-effect of the establishment of an authentic user is a collateral mapping to a backend user identity. This identity is a string that is supplied (by the FTP proxy) as the user of the backend server (for example: a users userid on Solaris).

The second goal is achieved during the rule matching steps previously described. A rule that references the authentic Proxy User itself, or that references a GROUP Proxy User that contains an ENABLED member reference to that authentic Proxy User causes a successful user match.

Proxy Limitations

Proxy implementation in SunScreen EFS 3.0 has the following limitations:

• You cannot set up an FTP proxy through the HTTP proxy. Consequently, internal users cannot use a browser for FTP file access through a Screen.

• Proxies can only be used on Screens with at least one routing-mode interface.

• You cannot use proxies on Screens in an HA cluster.