User Manual

Security Examples
Figure 11-53 shows how to configure the SCS in this situation:
Figure 11-53: Configuring Database Order
11.8.2 Terminal User Forced to Execute Command
Terminal user jerry does not have an existing account on UNIX. He will only use the SCS to Telnet to his
own remote host, venus. The following figure shows the commands necessary to add jerry to the local
database.
Figure 11-54: A Single User Entry
When jerry connects to the SCS, he is prompted for a login password, then his own username and password.
When authenticated, he is automatically telnetted to host venus and logged out of the SCS.
Jerry will see the following:
Figure 11-55: Results of User Authentication with Command
11.8.3 Multiple-User Authentication
A large number of users need to connect to the SCS. These users must be authenticated. The SCS must be
configured to meet the following criteria:
All users will connect to port 2.
50 users have their usernames and passwords stored in a UNIX password file.
Another 20 users are PPP users that share site pppUsers for their connections. This site's password is special.
Contents of Figure 11-53:

Local>> DEFINE AUTHENTICATION RADIUS PRECEDENCE 2
Local>> DEFINE AUTHENTICATION RADIUS PRIMARY 192.0.1.55 PORT 1640
Local>> DEFINE AUTHENTICATION TFTP PRECEDENCE 3
Local>> DEFINE AUTHENTICATION TFTP PRIMARY 192.0.1.87
Local>> DEFINE AUTHENTICATION TFTP SECONDARY 192.0.1.99
Local>> DEFINE AUTHENTICATION LOCAL PRECEDENCE 4
Local>> DEFINE AUTHENTICATION RADIUS ACCOUNTING ENABLED
Local>> DEFINE AUTHENTICATION RADIUS ACCOUNTING PRIMARY 192.0.1.176

Contents of Figure 11-54:

Local>> DEFINE AUTHENTICATION USER "jerry" PASSWORD "3no37" COMMAND "TELNET venus;LOGOUT" ALTER DISABLED

Contents of Figure 11-55:

Type HELP at the 'Local_1>' prompt for assistance.
Login password> badger (not echoed)
Username> jerry
Password> 3no37 (not echoed)
Telnet/TCP protocol emulation v2.2
SunOS UNIX (venus)
Login:_
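
The following is an added example, not part of the manual or of any Lantronix tooling: a small Python audit of a saved command list like the ones in Figures 11-53 and 11-54. It reports the database lookup order and flags local user entries whose forced command does not end in LOGOUT. The function names are hypothetical, the sample input is constructed from the commands on this page, and two points are assumptions: that lower PRECEDENCE numbers are consulted first, and that without a trailing LOGOUT the user stays logged in to the SCS.

```python
import re

# Constructed input: commands printed on this page, with the wrapped user
# entry joined onto one line. Curly quotes are kept as a PDF copy gives them.
SAMPLE = """\
Local>> DEFINE AUTHENTICATION RADIUS PRECEDENCE 2
Local>> DEFINE AUTHENTICATION TFTP PRECEDENCE 3
Local>> DEFINE AUTHENTICATION LOCAL PRECEDENCE 4
Local>> DEFINE AUTHENTICATION RADIUS ACCOUNTING ENABLED
Local>> DEFINE AUTHENTICATION USER “jerry” PASSWORD “3no37” COMMAND “TELNET venus;LOGOUT” ALTER DISABLED
"""

QUOTES = str.maketrans({"“": '"', "”": '"'})  # normalise typographic quotes
PRECEDENCE = re.compile(r"DEFINE AUTHENTICATION (\w+) PRECEDENCE (\d+)", re.I)
USER = re.compile(r'DEFINE AUTHENTICATION USER "([^"]+)" PASSWORD "[^"]*"'
                  r'(?:\s+COMMAND "([^"]*)")?', re.I)

def database_order(config):
    """Database names sorted by PRECEDENCE number.

    Assumption: the lowest number is consulted first.
    """
    slots = {}
    for name, number in PRECEDENCE.findall(config):
        if int(number) in slots:
            raise ValueError(f"precedence {number} assigned twice")
        slots[int(number)] = name.upper()
    return [slots[n] for n in sorted(slots)]

def forced_command_findings(config):
    """Flag local user entries that do not end in a forced LOGOUT.

    Assumption: without the trailing LOGOUT the user remains on the SCS.
    """
    findings = []
    for user, command in USER.findall(config.translate(QUOTES)):
        steps = [s.strip().upper() for s in command.split(";") if s.strip()]
        if not steps:
            findings.append((user, "no COMMAND set"))
        elif steps[-1] != "LOGOUT":
            findings.append((user, "COMMAND does not end with LOGOUT"))
    return findings

if __name__ == "__main__":
    print("order:", database_order(SAMPLE))
    print("findings:", forced_command_findings(SAMPLE) or "none")
```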