I am setting up FASTCopy to run in a B2B (Business to Business) environment and do not want to compromise security by providing my business partner with a system username and password. Does FASTCopy have a proxy / virtual user support?
Answer:
FASTCopy employs the Proxy Security Mechanism, which enables administrators to define a comprehensive operations rules base, among them the allocation of Virtual Accounts as a front for real system accounts. The Proxy Security Mechanism can also prohibit transfer operations to specified time periods, allow operations in the context of specific users only, and more. For complete details consult SoftLink Support , or refer to the FASTCopy Administrator Guide.
A Virtual Account needs to be "mapped" to a real system account. Once this is done the virtual account may be given to business partners without their knowledge of any real system entities. In order for a FASTCopy operation to take place the business partner requires only the correct username and password for the virtual account, use the predetermined encryption scheme + correct key phrase (if any), and issue requests from a specified IP address, node name, or subnet, all defined in the Proxy Mechanism security files.
To setup a Virtual Account use the following guidelines:
You first need to employ the sl_passwd.exe utility (stored in the same directory as all FASTCopy-related executables). Use the CLI (command line interface) in the following manner to create a virtual account: sl_passwd add dummy_user -pass=xyz123
On a Windows machine you must also add the real system account details to the sl_passwd list like so: sl_passwd add real_user -system_password=real_system_password
This step is not required on a Unix system since the FASTCopy daemon runs in the context of user root. Unlike Windows' administrator, the root account in Unix can change user context to another user without supplying the password.
To view and verify the list of logical users use: sl_passwd list
Next, you must edit FASTCopy's Administration and Security files to approve of the "bogus" username and specify in which context of real system username the operation will run. These files are softlink.security and softlink.login, located in the /etc directory on UNIX, under SYS$MANAGER on OpenVMS, or in the \security directory under the FASTCopy installation directory on Windows NT and 2000/XP.
Example: Let's say you would like to allow nodeA to send files to your node by specifying the logical username dummy_user and password xyz123. This account must of course be added to the sl_passwd list using the directions in section 1. The operation should be performed in the context of the real system account: real_user.
First, add this record to the softlink.login file:
Now, in order for the user at nodeA to issue FASTCopy operations against your node, he/she need only to specify the normal account qualifiers in the command using the Virtual Account details: -user=dummy_user -password=xyz123.
