Authorized User is a Common Object that provides a way for you to specify which users are allowed to use the Telnet, HTTP, and FTP proxies.
The proxy users database depends on information in the authorized users database. To take full advantage of the user authentication feature of the FTP, HTTP, and Telnet proxies, you must create entries for both authorized users and proxy users. Define a user in the Authorized User area in the Policy Rules page before defining that user as a proxy user. See "Authentication" in SunScreen 3.2 Administrator's Overview for information on the proxy database and the authorized user database.
Also see SunScreen 3.2 Configuration Examples for an example that uses Authorized User and Proxy User.
You can define authorized and proxy user objects with identical names. Choose a naming strategy for each set that reflects naming systems already in use. For example, you might choose to name authorized users by employee identities, such as surname or employee number, and proxy users by their login names.
The proxy user database contains the mapping information for users of SunScreen proxies. FTP, HTTP, and Telnet rules reference the proxy user entries. Additionally, a user connecting through any of these proxies will often be configured to require authentication by using an authorized user identity. Users logging in with a Telnet proxy are authenticated through the authorized user identity.
You can also use external authentication mechanisms, such as RADIUS or SecurID, to enable user authentication by using special proxy user entries, which create a translation.
By referencing these special mechanisms directly in rules, or by adding references to other proxy user groups, you can allow users authenticated by those mechanisms to behave as authenticated users in the referenced contexts.
Names of proxy users must not contain the following characters: !, @, #, $, %, ^, &, *, {, }, [, ], <, >, ", `, \, or ?, nor may they contain a NULL character.
The following table describes the controls for the Authorized User dialog box for an authorized user object.
Table 2-21 Controls for the User Dialog Box for an Authorized User Object and an Administrative User Object
| Control | Description |
|---|---|
| User Name | Specifies the login name of the authorized user. |
| Description | (Optional) Provides a brief description about the authorized user. |
| User Enabled | Controls whether the user can log into the Screen's proxy. This function lets the administrator refuse login privileges to someone who could previously log in, without having to remove that person from the list of proxy users. |
| Password | Specifies the login password for the authorized user. |
| Retype Password | Specifies the login password for the authorized user. The password typed in this field must exactly match the password you typed in the Password field. |
| SecurID Name | (Optional) Specifies the user's login name for SecurID authorization. |
| Real Name | (Optional) Identifies the real name of the authorized user. |
| Contact Information | (Optional) Displays information on how to contact the specified user. |
| OK Button | Stores the new or changed information. |
| Cancel Button | Cancels any new or changed information. |
| Help Button | Calls up the page of online help for this common object. |
1. Execute the steps in "To Modify the Policies Associated with a Common Object".
2. Select Authorized User from the Type list.
3. Select New from the Add New button.
   The User dialog box appears.
4. Type the user name in the User Name field.
5. (Optional) Type a description in the Description field.
6. Click the User Enabled button.
7. Define the authorization method by either assigning a password or choosing a SecurID name.
8. Select the Enabled check box.
9. (Optional) Type a name in the Real Name field.
10. (Optional) Type an email address in the Contact Information field.
11. Repeat these steps until you have added all the authorized users.
12. Click the OK button.
    All changes apply immediately.
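Before entering a batch of users, the rules stated above can be checked against a planned inventory: the characters forbidden in proxy user names, the requirement that an authorized user exists before a proxy user maps to it, the User Enabled control, and the password-or-SecurID authorization method. The following is an added example, not SunScreen code; the dictionary layout, field names, and sample users are assumptions made for illustration.

```python
# Added example with a hypothetical data model; not SunScreen code or its file format.
# Characters the page forbids in proxy user names, plus the NULL character.
FORBIDDEN = frozenset('!@#$%^&*{}[]<>"`\\?') | {"\x00"}


def forbidden_in(name):
    """Return the forbidden characters present in a proxy user name, sorted."""
    return sorted(set(name) & FORBIDDEN)


def check_plan(authorized, proxy):
    """Return (object_name, finding) pairs for a planned set of user objects.

    authorized: name -> {"enabled": bool, "password_set": bool, "securid_name": str or None}
    proxy:      name -> name of the authorized user it authenticates as, or None
    """
    findings = []
    for name, user in authorized.items():
        # The procedure requires a password or a SecurID name for each user.
        if not (user.get("password_set") or user.get("securid_name")):
            findings.append((name, "no password or SecurID name"))
    for name, auth_ref in proxy.items():
        bad = forbidden_in(name)
        if bad:
            findings.append((name, "forbidden characters: " + " ".join(map(repr, bad))))
        if auth_ref is None:
            continue  # proxy user that does not map to an authorized user
        if auth_ref not in authorized:
            # The authorized user must be defined before the proxy user.
            findings.append((name, "authorized user %r is not defined" % auth_ref))
        elif not authorized[auth_ref].get("enabled"):
            findings.append((name, "authorized user %r is disabled" % auth_ref))
    return findings


# Constructed sample plan: authorized users keyed by employee number,
# proxy users keyed by login name (the naming strategy the page suggests).
AUTHORIZED = {
    "e10423": {"enabled": True, "password_set": True, "securid_name": None},
    "e10977": {"enabled": False, "password_set": False, "securid_name": "jdoe-token"},
    "e11502": {"enabled": True, "password_set": False, "securid_name": None},
}
PROXY = {"asmith": "e10423", "jdoe": "e10977", "ops*team": "e11502",
         "guest": "e12000", "anonftp": None}

if __name__ == "__main__":
    for obj, finding in check_plan(AUTHORIZED, PROXY):
        print("%-10s %s" % (obj, finding))
```
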