The proxy user object is manipulated using the proxyuser subcommand of ssadm edit. proxyuser takes one of the following as commands:
add "name" item... - Creates or overwrites an object; takes a complete (perhaps initial, in the case of GROUP) description of the object, beginning with its name, followed by desired items, as defined above.
delete "name" - Deletes a named object.
addmember "grpname" "memname" - Adds a member to an existing GROUP object; duplicate addmember operations are ignored.
deletemember "grpname" "memname" - Deletes a member from an existing GROUP object; attempts to remove an unknown member are ignored.
print[,sortopt] ["name"] - Displays one or more objects; if an object name is given, only that object's definition is displayed; otherwise, all proxy user objects are displayed.
names[,sortopt] - Displays the names of all objects; sortopt can be:
asc - ascending order by name (case-sensitive)
desc - descending order by name (case-sensitive)
iasc - ascending order by name (case-insensitive)
idesc - descending order by name (case-insensitive)
raw - order stored in database
The default is asc.
The following is an example of what you type to display existing proxy user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser print jdh
    "jdh" ENABLED SIMPLE AUTH_USER_NAME="jeff.hogg" BACKEND_USER_NAME="jeffh" DESCRIPTION="Jeff Hogg as self on Solaris"
    edit> proxyuser print proxyusers
    "proxyusers" ENABLED GROUP MEMBER_NAME="radius" MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
The following is an example of what you type to create the above SIMPLE proxy user object, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser add jdh auth_user_name=jeff.hogg backend_user_name=jeffh description="Jeff Hogg as self on Solaris"
    edit> quit
You do not have to save these changes before quitting.
The following is an example of what you type to create the above GROUP proxy user object, while logged into the primary Screen. First create the initial group with no members:
    admin% ssadm -r primary edit Initial
    edit> proxyuser add proxyusers group description="users allowed through FTP and telnet proxies"
The empty group creation above demonstrates a case where the GROUP type cannot be deduced from the other tags, since description= is a tag common to all proxy user object types.
The next example is what you type to add the members of the example GROUP:
    edit> proxyuser addmember proxyusers radius
    edit> proxyuser addmember proxyusers jdh
Member names are stored in the order in which you add them to GROUP objects. The order is unimportant to authentication processing. This example also uses a SPECIAL object radius that is defined during initial installation.
In each of the above add operations, the items have been allowed to default to enabled.
The following is an example of what you type, while logged into the primary Screen, to remove a member reference from a GROUP proxy user object:
    admin% ssadm -r primary edit Initial
    edit> proxyuser deletemember proxyusers radius
    edit> proxyuser print proxyusers
    "proxyusers" ENABLED GROUP MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
The following is an example of what you type to display all proxy user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser print
    "admin" ENABLED SIMPLE AUTH_USER_NAME="admin" DESCRIPTION="initial SunScreen administrator"
    "admin-group" ENABLED GROUP MEMBER_NAME="admin" DESCRIPTION="SunScreen administrators"
    "anonymous" ENABLED SIMPLE BACKEND_USER_NAME="anonymous" DESCRIPTION="unauthenticated user, for anonymous FTP, etc."
    "ftp" ENABLED SIMPLE BACKEND_USER_NAME="anonymous" DESCRIPTION="unauthenticated user, for anonymous FTP, etc."
    "jdh" ENABLED SIMPLE AUTH_USER_NAME="jeff.hogg" BACKEND_USER_NAME="jeffh" DESCRIPTION="Jeff Hogg as self on Solaris"
    "proxyusers" ENABLED GROUP MEMBER_NAME="radius" MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
    "radius" ENABLED SIMPLE RADIUS DESCRIPTION="default, external, non-specific RADIUS proxy_user"
    "securid" ENABLED SIMPLE SECURID DESCRIPTION="default, external, non-specific SecurID proxy_user"
The following is an example of what you type to display the names of all proxy user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser names,raw
    "admin" "admin-group" "anonymous" "ftp" "radius" "securid" "jdh" "proxyusers"
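For reviewing a saved proxyuser print listing offline, the following added example (not part of the SunScreen documentation or tooling) parses the output format shown above and reports which GROUP objects reference a given name and which MEMBER_NAME entries point at no defined object. The function names are hypothetical, and the stale-reference case is constructed by hand, since the page does not say how the Screen treats a member whose object no longer exists.

```python
import re

# One token is: KEY="value", a standalone "name" (starts a new object),
# or a bare word such as ENABLED, SIMPLE, GROUP, RADIUS.
TOKEN = re.compile(r'(\w+)="([^"]*)"|"([^"]*)"|(\S+)')

# Objects copied from the page's `proxyuser print` listing (subset, output lines only).
SAMPLE = '''
"admin" ENABLED SIMPLE AUTH_USER_NAME="admin" DESCRIPTION="initial SunScreen administrator"
"admin-group" ENABLED GROUP MEMBER_NAME="admin" DESCRIPTION="SunScreen administrators"
"jdh" ENABLED SIMPLE AUTH_USER_NAME="jeff.hogg" BACKEND_USER_NAME="jeffh" DESCRIPTION="Jeff Hogg as self on Solaris"
"proxyusers" ENABLED GROUP MEMBER_NAME="radius" MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
"radius" ENABLED SIMPLE RADIUS DESCRIPTION="default, external, non-specific RADIUS proxy_user"
'''

def parse_proxyusers(text):
    """Return {name: {"flags": [bare words], "items": {KEY: [values]}}}.

    Token-based, so it works whether an object is printed on one line or wrapped.
    Repeated keys (MEMBER_NAME) keep their stored order.
    """
    objects, current = {}, None
    for key, value, name, word in TOKEN.findall(text):
        if name:                      # standalone quoted string: new object
            current = objects[name] = {"flags": [], "items": {}}
        elif current is None:
            continue                  # anything before the first object is ignored
        elif key:
            current["items"].setdefault(key, []).append(value)
        else:
            current["flags"].append(word)
    return objects

def groups_referencing(objects, name):
    """GROUP objects that list `name` as a member (check before deleting `name`)."""
    return sorted(g for g, o in objects.items()
                  if name in o["items"].get("MEMBER_NAME", []))

def dangling_members(objects):
    """(group, member) pairs whose member names no object in the listing."""
    return sorted((g, m) for g, o in objects.items() if "GROUP" in o["flags"]
                  for m in o["items"].get("MEMBER_NAME", []) if m not in objects)

if __name__ == "__main__":
    objs = parse_proxyusers(SAMPLE)
    print("groups referencing jdh:", groups_referencing(objs, "jdh"))
    # Constructed case: drop the "jdh" object but leave the group's reference to it.
    stale = {n: o for n, o in objs.items() if n != "jdh"}
    print("dangling members:", dangling_members(stale))
```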