dante   Frontpage - Dante - Download - Status - Support - Modules - Docs - Links - Survey
 

Username Authentication

This page describes how to configure username based authentication.

Overview

The username authentication method uses the system password file to verify a username and password combination supplied by a user as part of the SOCKS version 5 authentication process. Note that the password is transmitted in cleartext with this authentication method.

Environment setup

The standard system password authentication functions are used to verify the password, and the machine running the SOCKS server needs to have all users and passwords in a password file or similar database. It might, depending on the platform, be possible to run the server in a chroot() environment with a password file independent of the rest of the system.

Server privileges

#server identities (not needed on solaris)
user.privileged    : root
user.notprivileged : socks

For the server to be able to access the system password file, it will typically have to be started with root privileges. In this case, the user.privileged and user.notprivileged keywords should be set to ensure that the server will run as an unprivileged user when it does not need root privileges.

Example clientmethod usage

This authentication method cannot be used as a clientmethod.

Example method usage

#authentication methods
socksmethod: username
#generic pass statement - bind/outgoing traffic
socks pass {  
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
        socksmethod: username
}

The authentication configuration template can be used directly for outgoing traffic, it is only necessary to specify the method name.

The username method cannot be used for incoming traffic (bindreply, udpreply).


Copyright © 1998-2017 Inferno Nettverk A/S