SunScreen 3.1 Administration Guide

FTP Proxy Service With SecurID User Authentication

The following information is used in this example:

To Set Up the Service
  1. Follow the steps in the section above, "Configuring RADIUS Authentication for SunScreen."

  2. Configure the FTP Proxy Service

    1. Create a Proxy user group, for example, ftp-grp.

    2. Add pre-defined users radius and securid toftp-grp:

      # ssadm edit <Policy>> proxyuser add
      ftp-grp GROUP> proxyuser 
      addmember ftp-grp radius
      > proxyuser addmember ftp-grp securid

    3. For each user that will be using the FTP Proxy:

      • Create a record in the Authorized User database.

      • Create a record in the Proxy User database.

      • Add user as member of ftp-grp:

        # ssadm edit  <Policy>> authuser add au1 PASSWORD=\{ au1_pw\}> 
        proxyuser add pu1 auth_user_name=au1
        backend_user_name=BkEndUsrName > 
        proxyuser addmember ftp-grp pu1

      Since there are typically many users to administer, this can be done through a script.

    4. Add a rule to allow FTP proxy for proxy user group ftp-grp:

      # ssadm edit <Policy>edit
      > Add Rule ftp USER ftp-grp ALLOW 
      PROXY_FTP \ FTP_GET FTP_CHDIRedit > save
      # ssadm activate <Policy>

  3. Test the FTP Proxy with SecurID Authentication:

    # ftp EFS_Screen_name
    Username @Hostname: /securid/securid_user@server
    Password: securid_passcode@BkEndUsrName_password