The SIMPLE Proxy User object is used to define associations between user authentication mechanisms and the identity a user assumes when connected to a permitted network resource. This association is loosely dubbed a role.
A SIMPLE Proxy User object can indicate that one of three types of authentication be used: (1) none, (2) an Authorized User object, or (3) an external authentication mechanism.
The relationship between SIMPLE Proxy Users and authentication mechanisms was shown in an illustration previously.
A SIMPLE Proxy User object also indicates the user identity string to be supplied when establishing the user identity on a network resource. This network resource is dubbed the backend server and, by derivation, the identity established on the backend server is defined by the backend_user_name item.
In SunScreen EFS 3.0, the backend_user_name is only used by the FTP proxy.
A GROUP Proxy User object is a collection of one or more references to other Proxy User objects, either SIMPLE or GROUP.
Any Proxy User object, either SIMPLE or GROUP, contains the following items:
name -- name of the entity (1-255 characters).
enabled | disabled -- enablement flag for the entire object; if disabled, authentication of the associated user is always denied; default is enabled.
group | simple -- type designator of the object; it's almost always possible to omit this on input, as it can be deduced from the presence of other type-specific items.
description="descstr" -- (optional) a demographic string that can be used to store notations about the role.
A SIMPLE Proxy User object contains the following items:
radius | securid -- (optional) indicates this object is a SPECIAL one, associated with unrestricted mapping of users from the RADIUS or SecurID system (an external authentication method); only one SPECIAL indicator can be present in a given Proxy User object; if present, the next (auth_user_name=) item should not be given.
auth_user_name="auser" -- (optional) indicates the name of an Authorized User object to be used to authenticate this user role; if absent, and if no SPECIAL item is present, then the Proxy User object requires no authentication.
backend_user_name="beuser" -- gives the backend user name string to supply when establishing the user's identity on a backend server; if no SPECIAL item is present, then this item is required, otherwise it is ignored.
A GROUP Proxy User object contains zero or more of the following items:
member_name="memname" -- gives the name of another Proxy User object that is a group member.
Although it is permissible to add a GROUP Proxy User object, including a complete list of its members, special commands addmember and deletemember are provided to edit the membership list of a GROUP.
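An added example, not SunScreen's own code or configuration syntax: a Python check that applies the item rules above to Proxy User objects held as dicts, and lists which SIMPLE roles reachable from a given name require no authentication. The dict keys `enabled`, `special`, `type` and `member_names`, the sample objects, and the choice to treat a disabled GROUP as contributing no members are assumptions.

```python
# Assumed in-memory form of Proxy User objects; not SunScreen's file or CLI format.
def obj_type(o):
    # The type designator may be omitted; deduce it from type-specific items.
    return o.get("type") or ("group" if "member_names" in o else "simple")

def auth_mode(o):
    """Which authentication type a SIMPLE object selects."""
    if not o.get("enabled", True):
        return "denied"                      # disabled: authentication always denied
    if o.get("special"):
        return o["special"]                  # external mechanism: radius or securid
    return "authorized_user" if o.get("auth_user_name") else "none"

def problems(o):
    """Check one object against the item rules in the text."""
    out = []
    if not 1 <= len(o.get("name", "")) <= 255:
        out.append("name must be 1-255 characters")
    if obj_type(o) == "group":
        return out
    special = o.get("special")
    if special and o.get("auth_user_name"):
        out.append("auth_user_name given together with a SPECIAL indicator")
    if not special and not o.get("backend_user_name"):
        out.append("backend_user_name is required without a SPECIAL indicator")
    return out

def unauthenticated(name, objs, seen=None):
    """SIMPLE objects reachable from `name` that require no authentication."""
    seen = set() if seen is None else seen
    o = objs.get(name)
    if o is None or name in seen or not o.get("enabled", True):
        return set()                         # dangling reference, cycle, or disabled
    seen.add(name)
    if obj_type(o) == "simple":
        return {name} if auth_mode(o) == "none" else set()
    members = o.get("member_names", [])      # a GROUP may nest other GROUPs
    return set().union(*(unauthenticated(m, objs, seen) for m in members))

# Constructed sample objects (all names are made up for illustration).
OBJS = {
    "anon":   {"name": "anon", "backend_user_name": "anonymous"},
    "alice":  {"name": "alice", "auth_user_name": "alice", "backend_user_name": "alice"},
    "rad":    {"name": "rad", "special": "radius", "auth_user_name": "alice"},
    "old":    {"name": "old", "enabled": False, "backend_user_name": "old"},
    "staff":  {"name": "staff", "member_names": ["alice", "ftpers"]},
    "ftpers": {"name": "ftpers", "member_names": ["anon", "old", "staff"]},
}
```

Running `unauthenticated` over every GROUP referenced by a rule shows where a role with no authentication is reachable only through nested membership, which is easy to miss when reading objects one at a time.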