The following information is used in this example:
Proxy User name: pu1 (May be same as user1)
Authorized User name: au1
Authorized User password: au1_pw
Backend user name: BkEndUsrName (May be same as user1)
Backend FTP Server name: BackendServer
SunScreen for Solaris Version 3.1 Proxy server name: EFS_hostname
Client machine name: tiny
Although the example uses different names for Proxy User name, Authorized User name, and Backend User name, they may all use the same name, which will simplify administration.
Proxy User name: user1
Authorized User name: user1
Authorized User password: user1_auth_pw
Backend user name: user1
Backend FTP Server name: BackendServer
SunScreen for Solaris Version 3.1 Proxy server name: EFS_hostname
Client machine name: tiny
Follow the steps in the section above, "Configuring RADIUS Authentication for SunScreen."
Configure the FTP Proxy Service
Create a Proxy user group, for example, ftp-grp.
Add pre-defined users radius and securid to ftp-grp:
    # ssadm edit <Policy>
    > proxyuser add ftp-grp GROUP
    > proxyuser addmember ftp-grp radius
    > proxyuser addmember ftp-grp securid
For each user that will be using the FTP Proxy:
Create a record in the Authorized User database.
Create a record in the Proxy User database.
Add user as member of ftp-grp:
    # ssadm edit <Policy>
    > authuser add au1 PASSWORD={ au1_pw}
    > proxyuser add pu1 auth_user_name=au1 backend_user_name=BkEndUsrName
    > proxyuser addmember ftp-grp pu1
Since there are typically many users to administer, this can be done through a script.
Add a rule to allow FTP proxy for proxy user group ftp-grp:
    # ssadm edit <Policy>
    edit > Add Rule ftp USER ftp-grp ALLOW PROXY_FTP \
    FTP_GET FTP_CHDIR
    edit > save
    # ssadm activate <Policy>
Test the FTP Proxy with SecurID Authentication:
    # ftp EFS_Screen_name
    Username @Hostname: /securid/securid_user@server
    Password: securid_passcode@BkEndUsrName_password
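The per-user step above notes that adding many users can be done through a script. The following is an added example, not part of the SunScreen documentation: a POSIX shell function that turns a user list into the authuser and proxyuser sub-commands shown in the steps, rejecting any record that could alter the command line. The colon-separated input format, the function names, and the restriction of every field to letters, digits, `_`, `.` and `-` are assumptions of this example; how the output is supplied to the `ssadm edit` session is left to the administrator.

```shell
#!/bin/sh
# Added example (not from the SunScreen documentation).
# Input format is an assumption: proxy_user:auth_user:auth_password:backend_user

# Accept only characters that cannot alter the edit sub-command line.
valid_field() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: gen_user_cmds GROUP < userlist
# Prints the three sub-commands per user; returns 1 if any record was rejected.
gen_user_cmds() {
    group=$1
    valid_field "$group" || { echo "invalid group name" >&2; return 2; }
    lineno=0
    rc=0
    while IFS=: read -r pu au pw bu extra; do
        lineno=$((lineno + 1))
        [ -z "$pu$au$pw$bu" ] && continue          # blank line
        case "$pu" in '#'*) continue ;; esac       # comment line
        if [ -n "$extra" ] || ! valid_field "$pu" || ! valid_field "$au" ||
           ! valid_field "$pw" || ! valid_field "$bu"; then
            echo "line $lineno: record rejected" >&2
            rc=1
            continue
        fi
        printf 'authuser add %s PASSWORD={ %s}\n' "$au" "$pw"
        printf 'proxyuser add %s auth_user_name=%s backend_user_name=%s\n' \
            "$pu" "$au" "$bu"
        printf 'proxyuser addmember %s %s\n' "$group" "$pu"
    done
    return $rc
}

# Constructed sample input using the names from the example above.
gen_user_cmds ftp-grp <<'EOF'
# proxy_user:auth_user:auth_password:backend_user
pu1:au1:au1_pw:BkEndUsrName
user1:user1:user1_auth_pw:user1
EOF
```

The input list and the generated commands both contain passwords in clear text, so keep them readable only by the administrator and remove them after use.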