FTP Proxy Service With SecurID User Authentication
To Set Up the FTP Proxy Service With SecurID User Authentication
The following information is used in this example:
- Proxy user name
-
pu1
- Authorized user name
-
au1
- Authorized user password
-
au1_pw
- Backend user name
-
bu1
- Badkend user password
-
bu1_pw
- Backend FTP server name
-
ftp_server
- SecurID user name
-
bu1
- SecurID user passcode
-
securid_passcode
-
Follow the steps in "To Configure SecurID Authentication".
-
Configure the FTP Proxy Service
-
Create a Proxy user group, for example, ftp-grp.
-
Add predefined users radius and securid to ftp-grp:
# ssadm edit Policy > proxyuser add ftp-grp GROUP > proxyuser addmember ftp-grp radius > proxyuser addmember ftp-grp securid
-
For each user that will be using the FTP Proxy:
-
Create a record in the Authorized User database.
-
Create a record in the Proxy User database.
-
Add user as member of ftp-grp:
# ssadm edit Policy > authuser add au1 PASSWORD=\{ au1_pw\} > proxyuser add pu1 auth_user_name=au1 backend_user_name=bu1 > proxyuser addmember ftp-grp pu1Since there are typically many users to administer, this can be done through a script.
-
-
Add a rule to allow FTP proxy for proxy user group ftp-grp:
# ssadm edit Policy edit> Add Rule ftp USER ftp-grp ALLOW PROXY_FTP FTP_GET FTP_CHDIR edit> save # ssadm activate Policy
-
-
Test the FTP Proxy with SecurID Authentication:
FTP proxy login
ftp sunscreen_fw
Username@Hostname
/securid/bu1@ftp_server
Password
securid_passcode@bu1_pw
# ftp sunscreen_fw Username@Hostname: /securid/bu1@ftp_server Password: securid_passcode@bu1_pw
- © 2010, Oracle Corporation and/or its affiliates