test

SunScreen 3.1 Administration Guide

FTP Proxy Service With SecurID User Authentication

The following information is used in this example:

To Set Up the Service

  1. Follow the steps in the section above, "Configuring RADIUS Authentication for SunScreen."

  2. Configure the FTP Proxy Service

    1. Create a Proxy user group, for example, ftp-grp.

    2. Add pre-defined users radius and securid toftp-grp:


      # ssadm edit <Policy>> proxyuser add
ftp-grp GROUP> proxyuser 
addmember ftp-grp radius
> proxyuser addmember ftp-grp securid

    3. For each user that will be using the FTP Proxy:

      • Create a record in the Authorized User database.

      • Create a record in the Proxy User database.

      • Add user as member of ftp-grp:


        # ssadm edit  <Policy>> authuser add au1 PASSWORD=\{ au1_pw\}> 
proxyuser add pu1 auth_user_name=au1
backend_user_name=BkEndUsrName > 
proxyuser addmember ftp-grp pu1

      Since there are typically many users to administer, this can be done through a script.

    4. Add a rule to allow FTP proxy for proxy user group ftp-grp:


      # ssadm edit <Policy>edit
> Add Rule ftp USER ftp-grp ALLOW 
PROXY_FTP \ FTP_GET FTP_CHDIRedit > save
# ssadm activate <Policy>

  3. Test the FTP Proxy with SecurID Authentication:


    # ftp EFS_Screen_name
Username @Hostname: /securid/securid_user@server
Password: securid_passcode@BkEndUsrName_password