The following is from the FireWall-1 Architecture and Administration manual
(Ch 10):
Note that, for item 10 below, the password should be encrypted with the C
language encrypt function. If you are using FireWall-1 passwords, I can
provide a 2-line Perl script to do the encryption.
Regards
Rui Pereira,B.Sc.(Hons),CISSP,I.S.P.
WaveFront Consulting Group
User Database - Importing and Exporting

Importing a User Database

To import users into the FireWall-1 User Database from an external source,
you must create an ASCII (text) file with the required information and
import the file into FireWall-1 using the fw dbimport utility.

The import file must conform to the following syntax:

1  The first line in the file is an attribute list.
   The attribute list can be any partial set of the following attribute
   set, as long as name is included:

   {name; groups; destinations; sources; auth_method; fromhour;
   tohour; expiration_date; color; days; internal_password;
   SKEY_seed; SKEY_passwd; SKEY_gateway; template; comments; userc}

2  The attributes must be separated by a delimiter character.
   The default delimiter is the ; character. However, you can use a
   different character by specifying the -d option in the command line
   (see below).

3  The rest of the file contains lines specifying the values of the
   attributes per user.
   The values are separated by the same delimiter character used for the
   attribute list.
   An empty value for an attribute means use the default value.

4  For attributes that contain a list of values (for example, days),
   enclose the values in curly braces, that is, {}.
   Values in a list must be separated by commas. If there is only one
   value in a list, the braces may be omitted.
   A + or - character appended to a value list means add or delete the
   values in the list from the current default user values.
   Otherwise the default action is to replace the existing values.

5  Legal values for the days attribute are: MON, TUE, WED, THU, FRI, SAT,
   SUN.

6  Legal values for the authentication method are: Undefined, S/Key,
   SecurID, Unix Password, FireWall-1 Password, RADIUS, Defender.

7  Time format is hh:mm.

8  Date format is dd-mmm-yy, where mmm is one of {Jan, Feb, Mar, Apr, May,
   Jun, Jul, Aug, Sep, Oct, Nov, Dec}.

9  If the S/Key authentication method is used, all the other attributes
   regarding this method must be provided.

10 If the FireWall-1 password authentication method is used, a valid
   FireWall-1 password should be given as well.
   The password should be encrypted with the C language encrypt function.

11 Values regarding authentication methods other than the one specified
   are ignored.

12 The userc field specifies the details of the user's SecuRemote
   connections, and has three parameters, as follows:

   TABLE 10-4 userc parameters

   parameter                 values
   key encryption method     FWZ1, DES, CLEAR, Any
   data encryption method    FWZ1, DES, CLEAR, Any
   integrity method          MD5, [blank] = no data integrity

   "Any" means the best method available for the connection. This depends
   on the encryption methods available to both sides of the connection.

   For example:

   userc              means
   {FWZ1,FWZ1,MD5}    key encryption method is FWZ1;
                      data encryption method is FWZ1;
                      data integrity method is MD5
   {DES,CLEAR,}       key encryption method is FWZ1;
                      no data encryption;
                      no data integrity
   {Any,Any,}         use "best" key encryption method;
                      use "best" data encryption method;
                      no data integrity

13 A line beginning with the ! character is considered a comment.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 06, 2000 9:29 AM
Subject: [FW1] Sintax of user file
>
> Hello, I need to add 200+ users to FW-1. Could anyone please provide me
> with the syntax of the file so that this can be done with fw dbimport -f
> file command?
>
> Thanks in advance, Victoria
>
> Global Manufacturers' Services Valencia
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
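
An added example, not part of the original thread or of Check Point's tooling: a Python pre-check that applies rules 1, 3, 4, 5, 6, 9, 10, 12 and 13 of the manual excerpt quoted in the reply to an import file before it is handed to fw dbimport. It assumes the attribute list is written without surrounding braces and that the S/Key attributes meant by rule 9 are SKEY_seed, SKEY_passwd and SKEY_gateway; lint, items and the sample users are names made up here, and time, date and password encoding are not checked.

```python
# Legal values copied from the manual excerpt above.
DAYS = {"MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"}
AUTH = {"Undefined", "S/Key", "SecurID", "Unix Password",
        "FireWall-1 Password", "RADIUS", "Defender"}
CIPHERS = {"FWZ1", "DES", "CLEAR", "Any"}
SKEY = ("SKEY_seed", "SKEY_passwd", "SKEY_gateway")  # assumed set for rule 9

def items(value):
    """Split a value list: optional trailing + or -, optional braces, commas."""
    body = value.rstrip("+-").strip()
    if body.startswith("{") and body.endswith("}"):
        body = body[1:-1]
    return [v.strip() for v in body.split(",")]

def lint(text, delim=";"):
    """Return (line_number, message) for every rule the file breaks."""
    rows = [(n, l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.startswith("!")]  # rule 13: comment lines
    if not rows:
        return [(0, "no attribute list")]
    attrs = [a.strip() for a in rows[0][1].split(delim)]  # assumes no braces
    out = [] if "name" in attrs else [(rows[0][0], "attribute list lacks name")]
    for n, line in rows[1:]:
        vals = [v.strip() for v in line.split(delim)]
        if len(vals) != len(attrs):
            out.append((n, f"{len(vals)} values for {len(attrs)} attributes"))
            continue
        u = dict(zip(attrs, vals))
        auth, uc = u.get("auth_method", ""), items(u.get("userc", ""))
        checks = [  # (condition that signals a violation, message)
            (auth and auth not in AUTH, "illegal auth_method"),
            (u.get("days") and set(items(u["days"])) - DAYS, "illegal day"),
            (auth == "S/Key" and not all(u.get(k) for k in SKEY),
             "S/Key needs SKEY_seed, SKEY_passwd and SKEY_gateway"),
            (auth == "FireWall-1 Password" and not u.get("internal_password"),
             "FireWall-1 Password needs internal_password"),
            (u.get("userc") and (len(uc) != 3 or not {uc[0], uc[1]} <= CIPHERS
                                 or uc[2] not in ("MD5", "")),
             "userc is not {key,data,integrity}"),
        ]
        out += [(n, msg) for failed, msg in checks if failed]
    return out

# Constructed sample; user names and the password placeholder are made up.
SAMPLE = """! staging import, constructed for this example
name;auth_method;internal_password;days;userc
alice;FireWall-1 Password;PLACEHOLDERHASH;{MON,TUE,WED};{FWZ1,FWZ1,MD5}
bob;FireWall-1 Password;;{MON,FUN};{DES,CLEAR,}
carol;Radius;;SAT;{DES,MD5}
dave;S/Key;;;"""
```

Calling lint(SAMPLE) reports lines 4, 5 and 6; pass delim to match whatever character is given to the -d option.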