The proxy user object is manipulated using the proxyuser subcommand of ssadm edit. proxyuser takes one of the following commands:
add "name" item... - Creates or overwrites an object. It takes a complete (perhaps initial, in the case of GROUP) description of the object, beginning with its name, followed by desired items, as defined above.
delete "name" - Deletes a named object.
addmember "grpname" "memname" - Adds a member to an existing GROUP object. Duplicate addmember operations are ignored.
deletemember "grpname" "memname" - Deletes a member from an existing GROUP object. Any attempts to remove an unknown member are ignored.
print[,sortopt] ["name"] - Displays one or more objects. If an object name is given, then only that object's definition is displayed; otherwise, all proxy user objects are displayed.
names[,sortopt] - Displays the names of all objects.
sortopt can be:
asc - ascending order by name (case-sensitive)
desc - descending order by name (case-sensitive)
iasc - ascending order by name (case-insensitive)
idesc - descending order by name (case-insensitive)
raw - order stored in database
The default is asc.
Following are examples of displaying, creating, adding, and removing proxy user objects:
To display existing proxy user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser print jdh
    "jdh" ENABLED SIMPLE AUTH_USER_NAME="jeff.hogg" BACKEND_USER_NAME="jeffh" DESCRIPTION="Jeff Hogg as self on Solaris"
    edit> proxyuser print proxyusers
    "proxyusers" ENABLED GROUP MEMBER_NAME="radius" MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
To create the above SIMPLE proxy user object, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser add jdh auth_user_name=jeff.hogg backend_user_name=jeffh description="Jeff Hogg as self on Solaris"
    edit> quit
To create the above GROUP proxy user object, while logged into the primary Screen, first create the initial group with no members:
    admin% ssadm -r primary edit Initial
    edit> proxyuser add proxyusers group description="users allowed through FTP and telnet proxies"
The above empty group creation demonstrates a case where the GROUP type cannot be deduced from the other tags, since description= is a tag common to all proxy user object types.
To add the members of the example GROUP:
    edit> proxyuser addmember proxyusers radius
    edit> proxyuser addmember proxyusers jdh
Member names are stored in the order in which you add them to GROUP objects. The order is unimportant to authentication processing. This example also uses a SPECIAL object radius that is defined during initial installation.
In each of the above add operations, the items have been allowed to default to enabled.
Following are examples of displaying and removing proxy user objects.
To remove a member reference from a GROUP proxy user object, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser deletemember proxyusers radius
    edit> proxyuser print proxyusers
    "proxyusers" ENABLED GROUP MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
To display all proxy user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser print
    "admin" ENABLED SIMPLE AUTH_USER_NAME="admin" DESCRIPTION="initial SunScreen administrator"
    "admin-group" ENABLED GROUP MEMBER_NAME="admin" DESCRIPTION="SunScreen administrators"
    "anonymous" ENABLED SIMPLE BACKEND_USER_NAME="anonymous" DESCRIPTION="unauthenticated user, for anonymous FTP, etc."
    "ftp" ENABLED SIMPLE BACKEND_USER_NAME="anonymous" DESCRIPTION="unauthenticated user, for anonymous FTP, etc."
    "jdh" ENABLED SIMPLE AUTH_USER_NAME="jeff.hogg" BACKEND_USER_NAME="jeffh" DESCRIPTION="Jeff Hogg as self on Solaris"
    "proxyusers" ENABLED GROUP MEMBER_NAME="radius" MEMBER_NAME="jdh" DESCRIPTION="users allowed through FTP and telnet proxies"
    "radius" ENABLED SIMPLE RADIUS DESCRIPTION="default, external, non-specific RADIUS proxy_user"
    "securid" ENABLED SIMPLE SECURID DESCRIPTION="default, external, non-specific SecurID proxy_user"
To display the names of all proxy user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> proxyuser names,raw
    "admin"
    "admin-group"
    "anonymous"
    "ftp"
    "radius"
    "securid"
    "jdh"
    "proxyusers"
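A saved proxyuser print listing can be reviewed offline to see who each GROUP actually admits. The following is an added example, not part of the original documentation or of SunScreen itself: it assumes one object per line in the listing, treats a SIMPLE object with no AUTH_USER_NAME and no RADIUS or SECURID keyword as unauthenticated (as the "anonymous" and "ftp" descriptions above suggest), and uses a constructed sample in which the members "anonymous" and "bob" are hypothetical additions.

```python
import shlex

# Constructed sample based on the listing above; the extra members
# "anonymous" and "bob" of "proxyusers" are hypothetical, added for the audit.
SAMPLE = '''\
"admin" ENABLED SIMPLE AUTH_USER_NAME="admin" DESCRIPTION="initial SunScreen administrator"
"anonymous" ENABLED SIMPLE BACKEND_USER_NAME="anonymous" DESCRIPTION="unauthenticated user, for anonymous FTP, etc."
"jdh" ENABLED SIMPLE AUTH_USER_NAME="jeff.hogg" BACKEND_USER_NAME="jeffh" DESCRIPTION="Jeff Hogg as self on Solaris"
"radius" ENABLED SIMPLE RADIUS DESCRIPTION="default, external, non-specific RADIUS proxy_user"
"proxyusers" ENABLED GROUP MEMBER_NAME="radius" MEMBER_NAME="jdh" MEMBER_NAME="anonymous" MEMBER_NAME="bob" DESCRIPTION="users allowed through FTP and telnet proxies"
'''

def parse_objects(text):
    """Return {name: {"flags": set, "items": {TAG: [values]}}} from print output."""
    objects = {}
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles "name" and TAG="value with spaces"
        if not tokens:
            continue
        flags, items = set(), {}
        for tok in tokens[1:]:
            key, sep, value = tok.partition("=")
            if sep:
                items.setdefault(key, []).append(value)  # MEMBER_NAME may repeat
            else:
                flags.add(tok)  # bare keywords: ENABLED, SIMPLE, GROUP, RADIUS, ...
        objects[tokens[0]] = {"flags": flags, "items": items}
    return objects

def audit_groups(objects):
    """Return sorted (group, member, issue) findings for every GROUP object."""
    findings = []
    for gname, grp in objects.items():
        if "GROUP" not in grp["flags"]:
            continue
        for member in grp["items"].get("MEMBER_NAME", []):
            obj = objects.get(member)
            if obj is None:
                findings.append((gname, member, "undefined member"))
            elif "ENABLED" not in obj["flags"]:
                findings.append((gname, member, "member not enabled"))
            elif ("SIMPLE" in obj["flags"] and "AUTH_USER_NAME" not in obj["items"]
                  and not obj["flags"] & {"RADIUS", "SECURID"}):
                findings.append((gname, member, "no authentication mapping"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_groups(parse_objects(SAMPLE)):
        print("%s: member %s: %s" % finding)
```
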