189
Chapter 19
19.
Using the Login Shell
You need to log into the firewall occasionally to manage it. You may log in directly
at the console or remotely via TELNET or Rlogin. Occasionally, you may also need
to FTP files to or from the firewall. Whenever you access the firewall remotely, you're
sending your password (and your root password) in the clear across your internal
network to the firewall. While you'd like to believe that this is secure, you want to
be prudent.
One way of doing this is to login to the firewall using some form of strong authentication
that uses one-time passwords or time-based responses. The login shell program
included with the Gauntlet firewall allows you to use the same strong authentication
scheme for logging into the firewall itself as you do for activity between opposite sides
of your security perimeter.
This section explains the concepts behind the login shell program and how it works, how
to configure the program, and how to use it.
Understanding the Login Shell Program
The login shell program is a wrapper program that authenticates the user (using strong
authentication) before passing control to the real login shell. It provides authentication
and logging.
How It Works
A user logs into the firewall via the console, TELNET or Rlogin. This calls the standard
login program (/bin/login) to process the login. The login program asks for a user name.
The login program reads the /etc/passwd file and determines that this user does not
require a password (because the password field is empty). It then passes the information
to the program specified in the shell field, the login shell program (/usr/etc/login-sh).
Содержание Gauntlet
Страница 1: ...Gauntlet for IRIX Administrator s Guide Document Number 007 2826 004 ...
Страница 16: ......
Страница 26: ......
Страница 27: ...PART ONE Understanding the Gauntlet Internet Firewall I ...
Страница 28: ......
Страница 43: ...PART TWO Configuring and Using Proxies II ...
Страница 44: ......
Страница 50: ......
Страница 56: ......
Страница 64: ......
Страница 72: ......
Страница 94: ......
Страница 109: ...PART THREE Administering General Gauntlet Firewall Services III ...
Страница 110: ......
Страница 140: ......
Страница 146: ...120 Chapter 17 The Graphical Management Interface Figure 17 3 Gauntlet Introductory Management Form 1 of 3 ...
Страница 147: ...Introductory Management Form 121 Figure 17 4 Gauntlet Introductory Management Form 2 of 3 ...
Страница 148: ...122 Chapter 17 The Graphical Management Interface Figure 17 5 Gauntlet Introductory Management Form 3 of 3 ...
Страница 150: ...124 Chapter 17 The Graphical Management Interface Figure 17 6 Networks and Interfaces Configuration Form 1 of 2 ...
Страница 151: ...Networks and Interfaces Configuration Form 125 Figure 17 7 Networks and Interfaces Configuration Form 2 of 2 ...
Страница 155: ...Routing Configuration Form 129 Figure 17 8 Routing Configuration Form ...
Страница 162: ...136 Chapter 17 The Graphical Management Interface Figure 17 10 Proxy Servers Configuration Form 1 of 3 ...
Страница 163: ...Proxy Servers Configuration Form 137 Figure 17 11 Proxy Servers Configuration Form 2 of 3 ...
Страница 164: ...138 Chapter 17 The Graphical Management Interface Figure 17 12 Proxy Servers Configuration Form 3 of 3 ...
Страница 170: ...144 Chapter 17 The Graphical Management Interface Figure 17 13 DNS Configuration Form 1 of 2 ...
Страница 171: ...DNS Configuration Form 145 Figure 17 14 DNS Configuration Form 2 of 2 ...
Страница 177: ...Sendmail on Gauntlet Servers 151 Figure 17 15 Sendmail Configuration Form ...
Страница 187: ...Logfiles and Reports Configuration Form 161 Figure 17 20 Reports and Logfiles Form 1 of 2 ...
Страница 191: ...Authorizing Users Form 165 Figure 17 22 Authorizing Users Form ...
Страница 192: ...166 Chapter 17 The Graphical Management Interface Figure 17 23 Add User Form ...
Страница 214: ......
Страница 232: ......
Страница 233: ...Appendixes IV ...
Страница 234: ......
Страница 294: ......
Страница 305: ......