Difference between revisions of "Virtual Users"

From ProVide DocWiki
Latest revision as of 15:35, 13 March 2018

Overview

Have ProVide integrate with any system for user authentication and configuration! With virtual script-based integration ProVide can connect to just about any data source (e.g. databases, management information systems, flat files, ...) to verify and configure accounts. All you have to do is set up two access points: one for verifying that a user will be allowed access, and one that tells ProVide the user configuration (home directory structure, limitations, security settings, etc.).

Tip 1: An easy way to learn the format of the different settings you can add to your virtual users is to create a user with your choice of settings already applied via the administration interface, then open the username.uac file found inside "accounts" in the ProVide installation directory with Notepad or similar.

Tip 2: Use groups to define basic functionalities and then simply return which groups a user should get its configuration from.

Examples

A basic example

The example presented below displays the basics of virtual user integration: two virtual accounts with different passwords and different home directory configurations.

Verification script in ProVide:

C:\Scripts\login.cmd "%IP%" "%USERNAME%" "%PASSWORD%"

Contents of file "C:\Scripts\login.cmd":

@echo off

rem Extract IP and remove quotes
set IP=%1
for /f "useback tokens=*" %%a in ('%IP%') do set IP=%%~a

rem Extract Username and remove quotes
set USER=%2
for /f "useback tokens=*" %%a in ('%USER%') do set USER=%%~a

rem Extract Password and remove quotes
set PASS=%3
for /f "useback tokens=*" %%a in ('%PASS%') do set PASS=%%~a

rem Check for valid logins

if /I "%USER%" == "testuser1" (
   if "%PASS%" == "pass pass" (
      exit 0
   )
)

if /I "%USER%" == "testuser2" (
   if "%PASS%" == "password" (
      if "%IP%" == "127.0.0.1" (
         exit 0
      )
   )
)

rem No valid login found - Deny access
exit 1

Configuration script in ProVide:

C:\Scripts\userconfig.cmd "%USERNAME%"

Contents of file "C:\Scripts\userconfig.cmd":

@echo off

rem Extract username and remove quotes
set USER=%1
for /f "useback tokens=*" %%a in ('%USER%') do set USER=%%~a

rem Configure accounts

if /I "%USER%" == "testuser1" (
   echo !Restriction - VirtualAccount
   echo /Virtual folder for testuser1^|^|
   echo /^|C:\^|RF,LD,RR
)

if /I "%USER%" == "testuser2" (
   echo !Restriction - VirtualAccount
   echo /a virtual folder^|^|
   echo /^|C:\^|RF,LD,RR
)
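
The same allow/deny contract as login.cmd above (three arguments, exit code 0 to allow, 1 to deny), as an added Python example that is not part of the original page or of ProVide. Arguments are read from argv rather than expanded into command text, and passwords are checked as salted hashes in constant time. It assumes ProVide can call a Python interpreter the same way it calls a .cmd file; the names ACCOUNTS, verify and hash_password and the salts are constructed for illustration.

```python
import hashlib
import hmac
import sys

ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, so only salted hashes need to be stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed account table mirroring the page's two test users. Hashes are
# derived here from the page's sample passwords only so the example runs
# stand-alone; a deployment would store the salt and hash, never the password.
ACCOUNTS = {
    "testuser1": {"salt": b"constructed-salt-1", "ips": None,
                  "hash": hash_password("pass pass", b"constructed-salt-1")},
    "testuser2": {"salt": b"constructed-salt-2", "ips": {"127.0.0.1"},
                  "hash": hash_password("password", b"constructed-salt-2")},
}

def verify(ip: str, user: str, password: str) -> bool:
    """Return True only for a known user, correct password and permitted IP."""
    acct = ACCOUNTS.get(user.lower())  # the batch script compares with "if /I"
    # Hash even for unknown users so response time does not reveal valid names.
    candidate = hash_password(password, acct["salt"] if acct else b"no-such-user")
    if acct is None or not hmac.compare_digest(candidate, acct["hash"]):
        return False
    return acct["ips"] is None or ip in acct["ips"]

if __name__ == "__main__":
    # Same contract as login.cmd: exit 0 allows the login, exit 1 denies it.
    ok = len(sys.argv) == 4 and verify(*sys.argv[1:4])
    sys.exit(0 if ok else 1)
```
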

Requiring public/private key authentication and SFTP with virtual users

The example presented below shows how to require public/private key authentication. When using virtual users the two scripts "verification" and "configuration" are actually called separately; "verification" is only called once the user supplies a password to be verified, and "configuration" is called as soon as the server needs the complete setup of an account.

Thus, if the "configuration" script returns a requirement that the user must use public key authentication, then that will be required.

Note: The line containing the public key ("!Security - PubKey: [...]") must be on one long line.

Verification script in ProVide:

C:\Scripts\login.cmd "%IP%" "%USERNAME%" "%PASSWORD%"

Contents of file "C:\Scripts\login.cmd":

@echo off

rem Extract IP and remove quotes
set IP=%1
for /f "useback tokens=*" %%a in ('%IP%') do set IP=%%~a

rem Extract Username and remove quotes
set USER=%2
for /f "useback tokens=*" %%a in ('%USER%') do set USER=%%~a

rem Extract Password and remove quotes
set PASS=%3
for /f "useback tokens=*" %%a in ('%PASS%') do set PASS=%%~a

rem We do not allow any password verifications for virtual users - Deny all access

exit 1

Configuration script in ProVide:

C:\Scripts\userconfig.cmd "%USERNAME%"

Contents of file "C:\Scripts\userconfig.cmd":

@echo off

rem Extract username and remove quotes
set USER=%1
for /f "useback tokens=*" %%a in ('%USER%') do set USER=%%~a

rem Configure accounts

if /I "%USER%" == "testuser1" (
   echo !Restriction - VirtualAccount
   echo /Virtual folder for testuser1^|^|
   echo /^|C:\^|RF,LD,RR
   echo !Security - AllowFTP: False
   echo !Security - AllowFTPS: False
   echo !Security - AllowSFTP: True
   echo !Security - AllowTFTP: False
   echo !Security - AllowPubKey: False
   echo !Security - RequirePasswordIfNoPubKey: False
   echo !Security - RequirePubKey: True
   echo !Security - PubKey: ---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-20120316"\nAAAAB3Nza[...]\n---- END SSH2 PUBLIC KEY ----\n
)

if /I "%USER%" == "testuser2" (
   echo !Restriction - VirtualAccount
   echo /a virtual folder^|^|
   echo /^|C:\^|RF,LD,RR
   echo !Security - AllowFTP: False
   echo !Security - AllowFTPS: False
   echo !Security - AllowSFTP: True
   echo !Security - AllowTFTP: False
   echo !Security - AllowPubKey: False
   echo !Security - RequirePasswordIfNoPubKey: False
   echo !Security - RequirePubKey: True
   echo !Security - PubKey: ---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-20120316"\nn0N9zoHof[...]\n---- END SSH2 PUBLIC KEY ----\n
)
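
A check that can be run over the output of userconfig.cmd before it is deployed, as an added Python example that is not part of the original page or of ProVide. It reports a public key that was split across lines (the note above) and any setting that departs from the key-only SFTP policy of this example. The line grammar is inferred from the page's examples, the function names are hypothetical, and an unset Allow* setting is treated as not disabled because the page does not state defaults.

```python
import re

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"
SETTING = re.compile(r"^!(\w+) - (\w+)(?:: (.*))?$")  # grammar inferred from the page

# Constructed sample: abridged output of the page's userconfig.cmd for testuser1.
GOOD = "\n".join([
    "!Restriction - VirtualAccount",
    "/Virtual folder for testuser1||",
    "/|C:\\|RF,LD,RR",
    "!Security - AllowFTP: False", "!Security - AllowFTPS: False",
    "!Security - AllowSFTP: True", "!Security - AllowTFTP: False",
    "!Security - RequirePubKey: True",
    "!Security - PubKey: " + BEGIN
    + r'\nComment: "rsa-key-20120316"\nAAAAB3Nza[...]\n' + END + r"\n",
])
# Constructed failure case: the same key pasted with real line breaks.
WRAPPED = GOOD.replace(r"\n", "\n")

def parse_config(text):
    """Split script output into settings, folder mappings and stray lines."""
    settings, folders, stray = {}, [], []
    for line in filter(None, (l.rstrip("\r") for l in text.split("\n"))):
        m = SETTING.match(line)
        if m:  # "!Section - Key" with no value is treated as a flag
            settings[f"{m.group(1)}.{m.group(2)}"] = m.group(3) or "True"
        elif line.startswith("/") and line.count("|") == 2:
            folders.append(tuple(line.split("|")))  # virtual|physical|permissions
        else:
            stray.append(line)
    return settings, folders, stray

def audit(text):
    """Findings for an account that is meant to be key-only SFTP."""
    s, folders, stray = parse_config(text)
    findings = [f"stray line (wrapped key?): {l[:30]}" for l in stray]
    if s.get("Security.RequirePubKey") != "True":
        findings.append("RequirePubKey is not True")
    key = s.get("Security.PubKey", "")
    if BEGIN not in key or END not in key:
        findings.append("PubKey missing or not on one line")
    for proto in ("AllowFTP", "AllowFTPS", "AllowTFTP"):
        if s.get(f"Security.{proto}") != "False":
            findings.append(f"{proto} is not disabled")
    if s.get("Security.AllowSFTP") != "True":
        findings.append("AllowSFTP is not True")
    findings += [f"{v} maps to whole drive {p}" for v, p, _ in folders
                 if re.fullmatch(r"[A-Za-z]:\\?", p)]
    return findings
```

For the page's own testuser1 output the only finding is the "/" mapping to the whole C:\ drive; the wrapped variant additionally reports the broken key line and its stray continuation lines.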