The UNIX authentication agent comprises a set of tools which allow users on UNIX (or UNIX-like) workstations to authenticate themselves to a CEQURUX firewall. At present, RSA, DSA and S/Key authentication are possible, and the platforms supported include Linux, FreeBSD and Solaris. These tools operate somewhat differently from the MS-Windows versions, due to the multi-user nature of UNIX.
There are two major components of the UNIX authentication agent, namely authdaemon and authagent. authdaemon runs in the background listening for firewall callbacks and relaying information between the firewall and authagent, which interacts with the user and performs the authentication. Typically, authdaemon will be started only once, while authagent may be started many times, each invocation interacting with the same daemon.
When the user attempts to connect to a host beyond the firewall (using authagent as a wrapper), the connection may be blocked by the firewall until the user has been authenticated. The firewall makes a callback to the machine attempting this connection, and sends details of the connection attempt. authdaemon uses this information to determine which process attempted the connection, and thus which authagent, if any, it should interact with. The appropriate authagent then attempts to authenticate the user to the firewall. If successful, the firewall allows the connection to proceed.
The agent may function as a wrapper to commands like telnet, or may spawn a shell from which commands may be issued. When user input is required to obtain passwords, the agent may prompt for this on the command line or may pop up an input window to collect the password.
Two utility programs, generate_rsa and generate_dsa, may be used to generate public and private RSA and DSA keys, while a third utility, poppasswd, may be used by authagent to collect passwords.
authagent and authdaemon are controlled by their configuration files, /etc/cequrux_authagent.ini and /etc/cequrux_authdaemon.ini, which may be overridden by user-customized files. The file ~/.fwauth in the user's home directory provides details of the authentication method to be used and the associated user name (as known to the firewall), for each service to be used on each firewall.
The programs can be found on your firewall CD in the /UNIX directory. Please read the README file in this directory for details on the requirements, installation procedure, and use of these programs.