Username Authentication
This page describes how to configure username-based authentication.
Overview
The username authentication method uses the system
password file to verify a username and password combination supplied
by a user as part of the SOCKS version 5 authentication process.
Note that the password is transmitted in cleartext with this
authentication method.
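The cleartext exposure noted above, shown as an added example that is not part of the original documentation or the server's own code: a decoder for the SOCKS version 5 username/password sub-negotiation request as laid out in RFC 1929. The sample message and its credentials are constructed for illustration; the function and exception names are hypothetical.

```python
"""Decode a SOCKS5 username/password request (RFC 1929) to show what is on the wire."""
from __future__ import annotations


class MalformedAuthRequest(ValueError):
    """Raised when the bytes do not form a complete RFC 1929 request."""


def parse_userpass_request(data: bytes) -> tuple[str, str]:
    """Return (username, password) from one sub-negotiation request.

    Wire layout: VER(1)=0x01 | ULEN(1) | UNAME(ULEN) | PLEN(1) | PASSWD(PLEN)
    Nothing is hashed or encrypted; both fields are plain length-prefixed bytes.
    """
    if len(data) < 2:
        raise MalformedAuthRequest("truncated header")
    if data[0] != 0x01:
        raise MalformedAuthRequest(f"unexpected sub-negotiation version {data[0]:#04x}")

    ulen = data[1]
    uname_end = 2 + ulen
    # The PLEN byte must follow the username, so one more byte is required.
    if len(data) < uname_end + 1:
        raise MalformedAuthRequest("truncated username or missing PLEN")

    plen = data[uname_end]
    passwd_end = uname_end + 1 + plen
    if len(data) < passwd_end:
        raise MalformedAuthRequest("truncated password")
    if len(data) != passwd_end:
        raise MalformedAuthRequest("trailing bytes after password")

    username = data[2:uname_end].decode("utf-8", errors="replace")
    password = data[uname_end + 1:passwd_end].decode("utf-8", errors="replace")
    return username, password


# Constructed sample: the request as any on-path observer would capture it.
SAMPLE_REQUEST = bytes([0x01, 5]) + b"alice" + bytes([10]) + b"hunter2xyz"

if __name__ == "__main__":
    user, password = parse_userpass_request(SAMPLE_REQUEST)
    print(f"username={user!r} password={password!r}")
```

Because the credentials are recoverable from a single captured packet, this method is best confined to network paths that are already trusted or encrypted by other means.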
Environment setup
The standard system password authentication functions are used to
verify the password, and the machine running the SOCKS server needs to
have all users and passwords in a password file or similar database.
It might, depending on the platform, be possible to run the server in
a chroot() environment with a password file independent of
the rest of the system.
Server privileges
#server identities (not needed on solaris)
user.privileged : root
user.notprivileged : socks
For the server to be able to access the system password file, it
will typically have to be started with root privileges. In
this case, the user.privileged and
user.notprivileged keywords should be set to ensure that the
server will run as an unprivileged user when it does not need root
privileges.
Example clientmethod usage
This authentication method cannot be used as a clientmethod.
Example method usage
#authentication methods
socksmethod: username
#generic pass statement - bind/outgoing traffic
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
        socksmethod: username
}
The authentication configuration template can be used directly for
outgoing traffic; it is only necessary to specify the method name.
The username method cannot be used for incoming traffic
(bindreply, udpreply).