The following information is used in this example:
Proxy User name: pu1 (May be same as user1)
Authorized User name: au1
Authorized User password: au1_pw
Backend user name: BkEndUsrName (May be same as user1)
Backend FTP Server name: BackendServer
SunScreen for Solaris Version 3.1 Proxy server name: EFS_hostname
Client machine name: tiny
Although the example uses different names for the Proxy User name, Authorized User name, and Backend User name, all three may use the same name, which simplifies administration. In that case, the information used is:
Proxy User name: user1
Authorized User name: May be same as user1
Authorized User password: user1_auth_pw
Backend user name: May be same as user1
Backend FTP Server name: BackendServer
SunScreen for Solaris Version 3.1 Proxy server name: EFS_hostname
Client machine name: tiny
Follow the steps in the section above, "Configuring RADIUS Authentication for SunScreen."
Configure the FTP Proxy Service:
Create a Proxy user group, for example, ftp-grp.
Add pre-defined users radius and securid to ftp-grp.
    # ssadm edit <Policy>
    > proxyuser add ftp-grp GROUP
    > proxyuser addmember ftp-grp radius
    > proxyuser addmember ftp-grp securid
For each user that will be using the FTP Proxy:
Create a record in the Authorized User database.
Create a record in the Proxy User database.
Add the user as member of ftp-grp:
    # ssadm edit <Policy>
    > authuser add au1 PASSWORD=\{ au1_pw \}
    > proxyuser add pu1 auth_user_name=au1 \
    backend_user_name=BkEndUsrName
    > proxyuser addmember ftp-grp pu1
This example assumes the C shell, where the backslash (\) before each brace escapes the special characters { and }. For the Bourne shell, the backslash is not necessary.
Since there are typically many users to administer, this can be done through a script.
Add a rule to allow the FTP proxy for the proxy user group, ftp-grp.
    # ssadm edit <Policy>
    edit > Add Rule ftp USER ftp-grp ALLOW PROXY_FTP \
    FTP_GET FTP_CHDIR
    edit > save
    # ssadm activate <Policy>
Test the FTP Proxy with RADIUS authentication:
    # ftp EFS_Screen_name
    Username @Hostname: radius_user@ftp_server
    Password: radius_user_pw@password_at_ftp_server
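The per-user step above notes that creating these records can be done through a script. The following is an added example, not part of the original SunScreen documentation: a Bourne shell function that turns a colon-separated user list into the authuser and proxyuser edit subcommands shown in that step, rejecting any field that could alter the command. The input file format, the function names, and the allowed password characters are assumptions.

```shell
#!/bin/sh
# Added example. Input format (an assumption, not SunScreen's):
#   proxy_user:auth_user:backend_user:auth_password
# Only prints edit subcommands in the forms shown on this page; it never
# runs ssadm. Keep input and output files private: they hold passwords.
umask 077

# ok_name / ok_pw: allowlists so a field cannot smuggle in spaces, braces,
# or a second subcommand. The password character set is an assumption.
ok_name() { case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }
ok_pw()   { case "$1" in ''|*[!A-Za-z0-9_.@%+=,-]*) return 1 ;; esac; }

# gen_proxy_cmds GROUP < userlist
# Returns 0 if every line was usable, 1 if any was rejected (reported on
# stderr), so a caller can refuse to apply a partial batch.
gen_proxy_cmds() {
    group=$1; rc=0; seen=' '; n=0
    ok_name "$group" || { echo "bad group name" >&2; return 2; }
    while IFS=: read -r pu au be pw extra; do
        n=$((n + 1))
        case "$pu" in '#'*) continue ;; esac            # comment line
        [ -z "$pu$au$be$pw" ] && continue               # blank line
        if [ -n "$extra" ] || ! ok_name "$pu" || ! ok_name "$au" ||
           ! ok_name "$be" || ! ok_pw "$pw"; then
            echo "line $n: rejected (bad field or field count)" >&2
            rc=1; continue
        fi
        case "$seen" in *" $pu "*)
            echo "line $n: duplicate proxy user $pu" >&2
            rc=1; continue ;;
        esac
        seen="$seen$pu "
        # Bourne shell form: no backslash before the braces
        printf 'authuser add %s PASSWORD={ %s }\n' "$au" "$pw"
        printf 'proxyuser add %s auth_user_name=%s backend_user_name=%s\n' \
            "$pu" "$au" "$be"
        printf 'proxyuser addmember %s %s\n' "$group" "$pu"
    done
    return "$rc"
}

# Constructed sample input, using the names from this page
gen_proxy_cmds ftp-grp <<'EOF'
# proxy:auth:backend:password
pu1:au1:BkEndUsrName:au1_pw
user1:user1:user1:user1_auth_pw
EOF
```

Review the generated lines before entering them in an ssadm edit session for the policy.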