Revision: 6220
http://ipcop.svn.sourceforge.net/ipcop/?rev=6220&view=rev
Author: eoberlander
Date: 2012-01-08 16:51:03 +0000 (Sun, 08 Jan 2012)
Log Message:
-----------
Add Marco's text and screenshots for proxy Local Authentication section.
Modified Paths:
--------------
IPCopDoc/trunk/en/admin/xml/proxy.xml
Added Paths:
-----------
IPCopDoc/trunk/en/admin/images/proxy-local-all.png
IPCopDoc/trunk/en/admin/images/proxy-local-user.png
IPCopDoc/trunk/en/admin/images/proxy-local-useradd.png
IPCopDoc/trunk/en/admin/images/proxy-local-useredit.png
IPCopDoc/trunk/en/admin/images/proxy-local-webpass.png
Added: IPCopDoc/trunk/en/admin/images/proxy-local-all.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-local-all.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-local-user.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-local-user.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-local-useradd.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-local-useradd.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-local-useredit.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-local-useredit.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: IPCopDoc/trunk/en/admin/images/proxy-local-webpass.png
===================================================================
(Binary files differ)
Property changes on: IPCopDoc/trunk/en/admin/images/proxy-local-webpass.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
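Review bot: All five added screenshots (proxy-local-all.png through proxy-local-webpass.png) carry svn:mime-type application/octet-stream, which is the generic binary type rather than the one matching the files. Setting the property to image/png on each lets repository browsers display them as images instead of offering a download, and an auto-props rule for *.png would avoid repeating this on later screenshot commits.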
Modified: IPCopDoc/trunk/en/admin/xml/proxy.xml
===================================================================
--- IPCopDoc/trunk/en/admin/xml/proxy.xml 2012-01-08 11:01:34 UTC (rev
6219)
+++ IPCopDoc/trunk/en/admin/xml/proxy.xml 2012-01-08 16:51:03 UTC (rev
6220)
@@ -50,10 +50,456 @@
<sect2 id="proxy-auth-local">
<title>Local Proxy Authentication</title>
<para>
- Content to be written...
+ Local user authentication is the preferred solution for SOHO
+ environments.
+ Users need to authenticate when accessing web sites by entering a
+ valid username and password.
+ The user management resides on the IPCop Proxy Server.
+ Users are categorized into three groups:
+ <emphasis>Extended</emphasis>,
+ <emphasis>Standard</emphasis> and
+ <emphasis>Disabled</emphasis>.
</para>
+ <para>
+ This authentication method lets you manage user accounts locally
+ without the need for external authentication servers.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-local-all.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-local-all.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Local Proxy Authentication</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+
+ <sect3 id="proxy-auth-local-global">
+ <title>Global authentication settings</title>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata
fileref="&imagepath;proxy-global-settings.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata
fileref="&imagepath;proxy-global-settings.&imageext;" format="PNG"
align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Global authentication settings section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Number of authentication
processes</guilabel></title>
+ <para>
+ The number of background processes listening for requests.
+ The default value is 5 and should be increased if
authentication
+ takes too long or Windows integrated authentication falls back
+ to explicit authentication.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Authentication cache TTL</guilabel></title>
+ <para>
+ Duration in minutes how long credentials will be cached for
+ each single session.
+ If this time expires, the user has to re-enter the credentials
+ for this session.
+ The default is set to 60 minutes, the minimum will be 1 minute.
+ The TTL will always be reset when the user sends a new request
+ to the Proxy Server within a session.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ If the user opens a new session, the credentials must always
+ be entered, even if the TTL has not expired for another
session.
+ </para>
+ </note>
+ <formalpara>
+ <title><guilabel>Limit of IP addresses per user</guilabel>
(optional)</title>
+ <para>
+ Number of source IP addresses a user can be logged in at one
+ time.
+ The IP address will be released after the time defined at
+ <emphasis>User/IP cache TTL</emphasis>.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ This takes no effect if running Local authentication and the
+ user is a member of the <quote>Extended</quote> group.
+ </para>
+ </note>
+ <formalpara>
+ <title><guilabel>User/IP cache TTL</guilabel></title>
+ <para>
+ Duration in minutes, how long relations between each user name
+ and the used IP address will be cached.
+ The default value is 0 (disabled).
+ </para>
+ </formalpara>
+ <para>
+ A value greater than 0 is only reasonable while using a limit for
+ concurrent IP addresses per user.
+ </para>
+ <formalpara>
+ <title><guilabel>Require authentication for unrestricted source
addresses</guilabel></title>
+ <para>
+ By default authentication is required even for unrestricted IP
+ addresses.
+ If you don't want to require authentication for these
+ addresses, untick this box.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Authentication realm prompt</guilabel></title>
+ <para>
+ This text will be shown in the authentication dialog.
+ The default is <quote>IPCop Advanced Proxy Server</quote>.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Destinations without
authentication</guilabel></title>
+ <para>
+ This allows you to define a list of destinations that can be
+ accessed without authentication.
+ </para>
+ </formalpara>
+ <note>
+ <para>
+ Any domains listed here are destination DNS domains and not
+ source Windows NT domains.
+ </para>
+ </note>
+ <para>
+ Examples:
+ </para>
+ <para>
+ Entire domains and subdomains
+ </para>
+ <screen><computeroutput>*.example.net
+*.google.com</computeroutput></screen>
+ <para>
+ Single hosts
+ </para>
+ <screen><computeroutput>www.example.net
+www.google.com</computeroutput></screen>
+ <para>
+ IP addresses
+ </para>
+ <screen><computeroutput>81.169.145.75
+74.125.39.103</computeroutput></screen>
+ <para>
+ URLs
+ </para>
+ <screen><computeroutput>www.example.net/download
+www.google.com/images</computeroutput></screen>
+ <note>
+ <para>
+ You can enter all of these destination types in any order.
+ </para>
+ </note>
+ <para>
+ Example for Windows Update.
+ </para>
+ <para>
+ To allow access to Windows Update without authentication add these
+ destinations to the list:
+ </para>
+ <screen><computeroutput>*.download.microsoft.com
+*.windowsupdate.com
+windowsupdate.microsoft.com</computeroutput></screen>
+ </sect3>
+
+ <sect3 id="proxy-local-user">
+ <title>Local user authentication</title>
+ <para>
+ The integrated user manager can be executed from the main
+ settings page.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-local-user.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-local-user.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>User based access restrictions section</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <formalpara>
+ <title><guilabel>Min password length</guilabel></title>
+ <para>
+ Enter the minimum required length of passwords.
+ The default is set to 6 alphanumeric characters.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>Bypass redirection for members of the group
extended</guilabel></title>
+ <para>
+ If any redirector (e.g. like the URL filter add on) is
installed,
+ all members of the group <emphasis>Extended</emphasis> will
+ bypass this redirector.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title><guilabel>User management</guilabel></title>
+ <para>
+ This button opens the local user manager.
+ </para>
+ </formalpara>
+ </sect3>
+
+ <sect3 id="proxy-local-user-manager">
+ <title>Local user manager</title>
+ <para>
+ The user manager is the interface for creating, editing and
+ deleting user accounts.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-local-useradd.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-local-useradd.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Local user administration</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <para>
+ Within the user manager page, all available accounts are listed
+ in alphabetically order.
+ </para>
+ <formalpara>
+ <title>Group definitions</title>
+ <para>
+ You can select between three different groups:
+ </para>
+ </formalpara>
+ <variablelist>
+ <varlistentry>
+ <term>Standard</term>
+ <listitem>
+ <para>
+ The default for all users.
+ All given restrictions apply to this group.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Extended</term>
+ <listitem>
+ <para>
+ Use this group for unrestricted users.
+ Members of this group will bypass any time and filter
+ restrictions.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Disabled</term>
+ <listitem>
+ <para>
+ Members of this group are blocked.
+ This can be useful if you want to disable an account
+ temporarily without losing the password.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <formalpara>
+ <title>Proxy service restart requirements</title>
+ <para>
+ The following changes to user accounts will require a restart
+ of the proxy service:
+ </para>
+ </formalpara>
+ <itemizedlist>
+ <listitem>
+ <para>
+ A new user account was added and the user is not a member
+ of the <emphasis>Standard</emphasis> group.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The group membership for a certain user has been changed.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ The following changes to user accounts will
+ <emphasis>not</emphasis> require a restart of the proxy service:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ A new user account was added and the user is a member of
+ the <emphasis>Standard</emphasis> group.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The password for a certain user has been changed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ An existing user account has been deleted.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ <sect3 id="proxy-local-user-create">
+ <title>Create user accounts</title>
+ <formalpara>
+ <title>Username</title>
+ <para>
+ Enter the username for the user.
+ If possible, the name should contain only alphanumeric
+ characters.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Group</title>
+ <para>
+ Select the group membership for this user.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Password</title>
+ <para>
+ Enter the password for the new account.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Password (confirm)</title>
+ <para>
+ Confirm the previously entered password.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Create user</title>
+ <para>
+ This button creates a new user account.
+ If this username already exists, the account for this username
+ will be updated with the new group membership and password.
+ </para>
+ </formalpara>
+ <formalpara>
+ <title>Back to main page</title>
+ <para>
+ This button closes the user manager and returns to the
+ main page.
+ </para>
+ </formalpara>
+ </sect3>
+
+ <sect3 id="proxy-local-user-edit">
+ <title>Edit user accounts</title>
+ <para>
+ A user account can be edited by clicking on the
+ <emphasis>Yellow pencil</emphasis> icon.
+ When editing a user account, only the group membership or password
+ can be changed.
+ </para>
+ <para>
+ While editing an account, the referring entry will be marked with
+ a yellow bar.
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-local-useredit.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata
fileref="&imagepath;proxy-local-useredit.&imageext;" format="PNG"
align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Edit local user</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ <para>
+ To save the changed settings, use the button
+ <guibutton>Update user</guibutton>.
+ </para>
+ <note>
+ <para>
+ The username cannot be modified.
+ This field is read-only.
+ If you need to rename a user, delete the user and create
+ a new account.
+ </para>
+ </note>
+ </sect3>
+
+ <sect3 id="proxy-local-user-delete">
+ <title>Delete user accounts</title>
+ <para>
+ A user account can be deleted by clicking on the
+ <emphasis>Trashcan</emphasis> icon.
+ The account will be deleted immediately.
+ </para>
+ </sect3>
+
+ <sect3 id="proxy-local-user-passman">
+ <title>Client side password management</title>
+ <para>
+ Users may change their passwords if needed.
+ The interface can be invoked by entering this URL:
+ </para>
+ <screen><computeroutput><ulink
url="http://192.168.1.1:81/cgi-bin/chpasswd.cgi">http://192.168.1.1:81/cgi-bin/chpasswd.cgi</ulink></computeroutput></screen>
+ <note>
+ <para>
+ Replace <emphasis>192.168.1.1</emphasis> with the GREEN IP
+ address of your IPCop.
+ </para>
+ </note>
+ <para>
+ The web page dialog requires the username, the current password
+ and the new password (twice for confirmation).
+ </para>
+ <para>
+ <mediaobject>
+ <imageobject role="fo">
+ <imagedata fileref="&imagepath;proxy-local-webpass.&imageext;"
+ format="PNG"
+ contentwidth="14cm"/>
+ </imageobject>
+ <imageobject role="html">
+ <imagedata fileref="&imagepath;proxy-local-webpass.&imageext;"
format="PNG" align="center"/>
+ </imageobject>
+ <textobject>
+ <phrase>Change web access password page</phrase>
+ </textobject>
+ </mediaobject>
+ </para>
+ </sect3>
</sect2>
-
+
<sect2 id="proxy-auth-identd">
<title>identd Authentication</title>
<para>
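Review bot: In the new proxy-local-user-passman section, the documented password-change address is plain HTTP (http://192.168.1.1:81/cgi-bin/chpasswd.cgi), so the username, current password and new password the dialog asks for cross the GREEN network unencrypted. Add a note saying so, or document an HTTPS address if the interface offers one. Smaller points in the same hunk: proxy-auth-local-global references proxy-global-settings.&imageext;, which is not among the images added in this revision, so confirm it already exists in the tree. The "Create user" paragraph states that an existing username is updated with the new group membership and password rather than rejected, which deserves a note element because an account can be overwritten by a typo. The Extended group is described as bypassing the IP address limit, the redirector and all time and filter restrictions in three separate places, and a single cross-referenced summary under "Group definitions" would make that privilege easier to audit. "in alphabetically order" should read "in alphabetical order", and "e.g. like the URL filter add on" should drop "like".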