Revision: 6167
http://ipcop.svn.sourceforge.net/ipcop/?rev=6167&view=rev
Author: eoberlander
Date: 2011-12-17 17:42:55 +0000 (Sat, 17 Dec 2011)
Log Message:
-----------
Add Marco's text and screenshots for proxy identd Authentication section.
Update broken links.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/xml/proxy.xml
Added Paths:
-----------
IPCopDoc/trunk/en/admin/images/proxy-identd-all.png
IPCopDoc/trunk/en/admin/images/proxy-identd-common.png
IPCopDoc/trunk/en/admin/images/proxy-identd-user.png
Added: IPCopDoc/trunk/en/admin/images/proxy-identd-all.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-identd-all.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-identd-common.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-identd-common.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-identd-user.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-identd-user.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
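Review bot: All three added screenshots (proxy-identd-all.png, proxy-identd-common.png, proxy-identd-user.png) carry svn:mime-type application/octet-stream, the generic binary type. Setting the property to image/png would let web views of the repository serve them as images rather than as opaque downloads.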
Modified: IPCopDoc/trunk/en/admin/xml/proxy.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-12-17 16:16:02 UTC (rev
6166)
+++ IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-12-17 17:42:55 UTC (rev
6167)
@@ -57,8 +57,222 @@
<sect2 id="proxy-auth-identd">
<title>identd Authentication</title>
<para>
- Content to be written...
+ This authentication method is the preferred solution for environments
+ where:
</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Authentication must be a <quote>hidden</quote> process without
+ entering username and password.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The proxy service must operate in transparent mode.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Usernames will be used only for logging rather than for
+ authentication.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ The identd authentication method requires an <command>identd</command>
+ service or daemon running on the client.
+ Unlike other authentication methods, identd comes without the
+ <quote>Global authentication settings</quote> section.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-identd-all.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-identd-all.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>identd Authentication section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <para>
+ In addition to the authentication you can define positive or negative
+ user based access control lists.
+ </para>
+
+ <sect3 id="proxy-auth-identd-prereq">
+ <title>Client-side prerequisites</title>
+ <para>
+ Most Linux based clients already have an ident daemon
+ (<command>identd</command>) installed by default.
+ </para>
+ <para>
+ For Windows clients, there are several free <command>identd</command>
+ implementations available.
+ This one works for Windows XP and Vista:
+ <ulink
url="http://rndware.info/products/windows-ident-server.html">rndware's
Windows Ident Server</ulink>
+ </para>
+ <note>
+ <para>
+ Port 113 (TCP) must be opened on client based firewalls.
+ </para>
+ </note>
+ </sect3>
+
+ <sect3 id="proxy-auth-identd-common">
+ <title>Common identd settings</title>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-identd-common.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-identd-common.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Common identd settings section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Require identd authentication</guilabel></title>
+ <para>
+ By default, <command>identd</command> authentication will not
+ be mandatory.
+ This configuration can be useful for logging purposes.
+ If you want to use <command>identd</command> for enforced
+ authentication, this option must be enabled.
+ Access for clients which don't authenticate using
+ <command>identd</command> will be denied.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ The proxy cannot run in transparent mode when using
+ <command>identd</command> authentication.
+ </para>
+ </note>
+ <formalpara>
+ <title><guilabel>Require authentication for unrestricted source
addresses</guilabel></title>
+ <para>
+ If <quote>Require ident authentication</quote> is enabled,
+ authentication will be also required for unrestricted
+ IP addresses.
+ If you don't want to require authentication for
+ unrestricted addresses, untick this box.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Ident timeout</guilabel></title>
+ <para>
+ Maximum time in seconds for the Proxy to wait for
+ ident lookups to be completed.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Ident aware hosts</guilabel></title>
+ <para>
+ This enables ident lookups for the listed client addresses.
+ Client addresses that are not listed here will not receive
+ ident requests.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ Unlisted clients will gain access without authentication,
+ even if the option <quote>Require ident authentication</quote>
+ is enabled.
+ </para>
+ </note>
+ <formalpara>
+ <title><guilabel>Destinations without authentication</guilabel>
(optional)</title>
+ <para>
+ This allows you to define a list of destinations that can be
+ accessed without authentication.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ Any domains listed here are destination DNS domains and not
+ source Windows NT domains.
+ </para>
+ </note>
+ <para>
+ Examples:
+ </para>
+ <para>
+ Entire domains and subdomains
+ </para>
+ <screen><computeroutput>*.example.net
+*.google.com</computeroutput></screen>
+ <para>
+ Single hosts
+ </para>
+ <screen><computeroutput>www.example.net
+www.google.com</computeroutput></screen>
+ <para>
+ IP addresses
+ </para>
+ <screen><computeroutput>81.169.145.75
+74.125.39.103</computeroutput></screen>
+ <para>
+ URLs
+ </para>
+ <screen><computeroutput>www.example.net/download
+www.google.com/images</computeroutput></screen>
+ <note>
+ <para>
+ You can enter all of these destination types in any order.
+ </para>
+ </note>
+ </sect3>
+
+ <sect3 id="proxy-auth-identd-user">
+ <title>User based access restrictions</title>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-identd-user.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-identd-user.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>User based access restrictions section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Enabled</guilabel></title>
+ <para>
+ Enables access control lists for authorized or unauthorized
+ users.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Use positive access control / Authorized
users</guilabel></title>
+ <para>
+ The users listed here will be allowed web access.
+ For all other users, access will be denied.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Use negative access control / Unauthorized
users</guilabel></title>
+ <para>
+ The listed users will be blocked from web access.
+ For all other users, access will be allowed.
+ </para>
+ </formalpara>
+ </sect3>
</sect2>
<sect2 id="proxy-auth-ldap">
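Review bot: The new text contradicts itself on transparent mode. The opening list says identd is the preferred method where "The proxy service must operate in transparent mode", but the note after "Require identd authentication" says "The proxy cannot run in transparent mode when using identd authentication". Please state which holds. If transparent mode is only possible while identd is used for logging and not once it is required, say so in both places. The option name is also inconsistent: the guilabel reads "Require identd authentication", while the following formalpara and the note under "Ident aware hosts" quote it as "Require ident authentication". Pick one spelling. Finally, the section describes identd as enforceable authentication and notes that unlisted clients gain access without it. Since the username is reported by a daemon running on the client, it would help to add a sentence that the value is only as trustworthy as the client that supplies it.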
_______________________________________________
Ipcop-svn mailing list
https://lists.sourceforge.net/lists/listinfo/ipcop-svn