Table of Contents

CiscoSecure UNIX Server Graphical User Interface

Launching the GUI
File Menu
Load New Database
Save Database
Save Database As...
Print Tree
Exit
View Menu
Open/Close User List
Hide/Show Subgroups
Begin Tree Here
Add Parent
Horizontal/Vertical Layout
Groups Menu
Create Group
Edit Group Attributes
Clone Group
New Subgroup
Change Group Name
Remove Group
Remove Subgroups
Users Menu
Create User
Default Service
Default Attribute
Expires
Service
Password
Privilege
Preprocess
Postprocess
User Attributes
Edit User Attributes
Info Menu

CiscoSecure UNIX Server Graphical User Interface

You can use the CiscoSecure UNIX Server graphical user interface (GUI) or a text editor (such as UNIX vi) to manage the security of your network.

This chapter describes how to use the CiscoSecure GUI, and contains the following sections:

• Launching the GUI
  

• File Menu
  

• View Menu
  

• Groups Menu
  

• Users Menu
  

• Info Menu
  

The CiscoSecure GUI provides menus, icons, and dialogs so you can take the following actions:

• Create new users
  

• Edit user attributes
  

• Create new groups
  

• Edit group attributes
  

• Remove groups
  

• Print the tree
  

If you are managing an extensive network, the CiscoSecure GUI can streamline the process of editing your AA database.

Launching the GUI

When you have installed the CiscoSecure UNIX Server software, take the following steps to launch the GUI:

Step 1 Enter the CiscoSecureGUI command:

CiscoSecureGUI database_file

where database_file is the name of the AA database file you want to use. A splash screen displays copyright and software version information. If you do not specify a database file, a new empty database file is created for you. You can then add users and groups to it.

Step 2 Click on the splash screen with the right mouse button to close it.

It will disappear after about 30 seconds if you do not click on it.

A window opens that illustrates the group hierarchy specified in your AA database file (see Figure 8-1).

Figure 8-1 : Group Hierarchy Window

In Figure 8-1, the database file is called test.db. In addition to the group hierarchy, the window presents a menu bar that contains the following five items:

• File Menu
  

• View Menu
  

• Groups Menu
  

• Users Menu
  

• Info Menu
  

Above the menu bar is a text box where information about the menu bar is displayed. When you drag the cursor across each menu, a message explaining each item you highlighted appears in this text box.

File Menu

You can have several AA database files, each containing a different database. Use the File menu to load and then edit a specific database file and save it. You can also save a copy of an existing database file under another name. Table 8-1 summarizes each item in the File menu.

Table 8-1 : File Menu

Menu Item	Purpose
Load New Database	Load a different AA database file
Save Database	Save the currently loaded database file
Save Database As...	Save the database file under another name
Print Tree	Print the entire tree displayed
Exit	Exit the CiscoSecure GUI

Load New Database

When you select the Load New Database command from the File menu, the following window displayed in Figure 8-2 opens.

Figure 8-2 : Load New Database Window

When you first open the Load Database window, the default directory opens automatically and its name displays in the Directory text box. Enter in the text box the filename you want to load and press Return or click on OK. To go up one level in your directory structure, click on Parent. The name in the Directory text box updates automatically to show you the current directory.

Save Database

Select Save Database from the File menu to save any changes you have made to the current database file.

Save Database As...

When you select Save Database As... from the File menu, the window displayed in Figure 8-3 opens.

Figure 8-3 : Save Database Window

Enter the name you want to save your database file as in the Filename text box and press Return or click on OK.

Print Tree

Select Print Tree from the File menu to print the tree displayed in the first window that opened (see Figure 8-1) to the default printer.

Exit

When you select Exit from the File menu, you will be prompted to save any changes you have made to your AA database file if you haven't already saved it. After you respond to the prompt to save changes, you exit the CiscoSecure GUI.

View Menu

You use the View menu to change the presentation of information in the GUI, and view all information about users and groups.

The options available in the View menu are listed in Table 8-2.

Table 8-2 : View Menu

Menu Item	Purpose
Open/Close User List	Open or close a list of each user in the selected group
Hide/Show Subgroups	Hide or show all the descendants of the selected group
Add Parent	Expand the group hierarchy view one level, showing the parent of the topmost group in the current view and all the subgroups of the parent group
Begin Tree Here	Reduce the group hierarchy view, showing only the selected group and all its descendants
Vertical/Horizontal Layout	Toggle the orientation of the group hierarchy between Horizontal Layout and Vertical Layout

Before selecting most of the items in the View menu, you need to select the group you want to modify. To do this, click on the group with the left mouse button. The group label will be highlighted (see the "smallworks" group in Figure 8-4).

Figure 8-4 : Selecting a Group

Open/Close User List

When you have selected a group, select Open User List from the View menu. A subwindow like the one shown in Figure 8-5 opens; it contains a list of the users in that group.

Figure 8-5 : Opening the User List

When you select Open User List, the user list is displayed, and Open User List changes to Close User List. When you are ready to close the user list, select Close User List from the View menu.

Hide/Show Subgroups

In large networks, you can have many groups that contain many other groups, each of which can contain many other groups. When you display the group hierarchy, you might only want to see the groups at the top level of the hierarchy. To do this select Hide Subgroups from the View menu. See, for example, the group "staff" in Figure 8-6. If you select Hide Subgroups from the View menu, the result is illustrated in Figure 8-7.

Figure 8-6 : Show Subgroups

Figure 8-7 : Hide Subgroups

When you select Hide Subgroups, the View menu changes to Show Subgroups. When you are ready to view the subgroups window, select Show Subgroups from the View menu.

Begin Tree Here

You can reduce and expand your view of the group hierarchy beginning with a specific group. For example, you could select the "training group" and then select Begin Tree Here from the View menu to see the "training" group and its subgroups. (See Figure 8-8.)

Figure 8-8 : Reducing a Tree

You can also double-click on a group icon to do the same thing.

Add Parent

When you reduce the view of the group hierarchy, you can expand it again one level at a time by selecting Add Parent from the View menu. Thus, if you select the "training" group icon and then select Add Parent from the View menu, you will see the parent group "staff" and the remainder of the hierarchy (see Figure 8-9).

Figure 8-9 : Expanding a Tree

You can also double-click on a group icon to do the same thing.

Horizontal/Vertical Layout

You can display databases horizontally or vertically by selecting Horizontal/Vertical Layout from the View menu. By default, CiscoSecure UNIX Server software displays the horizontal view. (See Figure 8-10.)

Figure 8-10 : Viewing a Horizontal Layout

You can change the orientation of databases from horizontal to vertical by selecting Vertical Layout from the View menu. (See Figure 8-11.) Select Horizontal Layout from the View menu to change the orientation back to horizontal.

Figure 8-11 : Viewing a Vertical Layout

Groups Menu

The easiest way to control the access of individual users to network resources is to assign them to a group. The Groups menu provides several commands that enable you to create new groups and edit existing groups in the AA database. Each command in the Groups menu is summarized in Table 8-3.

Table 8-3 : Groups Menu

Menu Item	Purpose
Create Group	Create a new group
Edit Group Attributes	Edit the attributes of the selected group
Clone Group	Create a new group using the attributes of an existing group
New Subgroup	Create a new subgroup of the selected group
Change Group Name	Change the name of the selected group
Remove Group	Delete the selected group from the AA database and the group hierarchy
Remove Subgroups	Delete all subgroups of the selected group from the AA database and the group hierarchy

Create Group

Select Create Group from the Groups menu to add new groups to your network. You must first select an existing group at the same level as the group you want to create. For example, take the following steps to add a new group called "admin" at the same level as the "external" and "staff" groups:

Step 1 Select either the "external" or "staff" group by clicking on the group icon with the left mouse button. (See Figure 8-12.) The group label will be highlighted as shown.

Figure 8-12 : Selecting a Group

Step 2 Select Create Group from the Groups menu. The "New Group" dialog box opens.

Step 3 Enter the name of the new group ("admin") in the New Group dialog box and press Return. The result is illustrated in Figure 8-13.

Figure 8-13 : Adding a New Group

The hierarchical position of the "admin" group is at the same level as the "staff" and "external" groups. When you have created a new group, you can select Edit Group Attributes from the Groups menu to assign the required attributes to the newly created group.

Edit Group Attributes

As your network expands and the needs of users change, you can change the way groups and users are managed. You might, for example, want to add privileges to a particular group. Select Edit Group Attributes from the Groups menu to make such changes to the AA database.

Take the following steps to edit the attributes of a group:

Step 1 Select the group---for example, the "admin" group---by clicking on it once.

Step 2 Select Edit Group Attributes from the Groups menu. The User Create window opens. (See Figure 8-14.)

Figure 8-14 : Editing Group Attributes

The window opens the AA database file. On the left, you see the settings of this group. Since the new group has no attributes, this area is blank in this example. On the right, buttons correspond to the attributes you can set for the group together with their corresponding keyboard shortcuts, or function keys.

When you begin setting group attributes, corresponding syntax will display in the AA database window. The editable parts of the syntax are displayed in blue and a red marker indicates what line you are on. The buttons on the right change depending on which attributes you are editing. Figure 8-15 shows the group "admin" with some attributes added.

Figure 8-15 : Editing Group Attributes---Some Detail

Clone Group

If you want to create a new group with many of the same attributes as an existing group, you can clone a new group from the existing group. This procedure is very similar to the one you follow to edit group attributes. (See the previous section, "Edit Group Attributes.")

When you clone a group, it contains all the attributes of the group from which it was cloned. Select Edit Group Attributes from the Groups menu to make any changes you want to the attributes of the newly created group.

Take the following steps to clone a group. In this example, the group "support" is created by cloning the "admin" group.

Step 1 Select the "admin" group by clicking on its icon.

Step 2 Select Clone Group from the Groups menu. The New Group dialog box opens.

Step 3 Enter the name "support" in the text field and press Return. The result is illustrated in Figure 8-16.

Figure 8-16 : New Hierarchy with Cloned Group

To verify that the attributes of the "admin" group have been copied to the "support" group, select the "support" group and select Edit Group Attributes from the Groups menu. The window shown in Figure 8-17 opens.

Figure 8-17 : Selecting Edit Group Attributes to Verify Cloning

The "support" group has the same attributes as the "admin" group. At this point, you can add more attributes to the "support" group or edit existing attributes.

New Subgroup

When you have created a new group, you can create subgroups that belong to the newly created group.

Take the following steps to create a new subgroup. In this example, the subgroups "manager" and "maintenance" subgroups of the "admin" group.

Step 1 Select the "admin" group by clicking on its icon.

Step 2 Select New Subgroup from the Groups menu. The New Group dialog box opens.

Step 3 Enter the name "manager" in the text field and press Return.

Step 4 Repeat Step 2.

Step 5 Enter the name "maintenance" in the text field and press the Return.

The result is illustrated in Figure 8-18.

Figure 8-18 : Adding a New Subgroup

Change Group Name

Take the following steps to change the name of an existing group. In this example, the name of the "admin" group change to "network."

Step 1 Select the "admin group" by clicking on its icon.

Step 2 Select Change Group Name from the Groups menu. The "New Name for Group" dialog box opens.

Step 3 Enter the new group name ("network") in the text field and click on OK or press Return. The result is illustrated in Figure 8-19.

Figure 8-19 : Changing a Group Name

Remove Group

You might decide that a particular group is no longer necessary. To delete any group from the group hierarchy and thus the AA database, select the group by clicking on its icon and then select Remove Group from the Groups menu.

Remove Subgroups

You might decide that you no longer need all the subgroups in a particular group. You can simultaneously remove all the subgroups of a group from the AA database and thus the group hierarchy. For example, to delete the subgroups "maintenance" and "manager" from the "network" group, first select the "network" group by clicking on its icon and then select Remove Subgroups from the Groups menu. The result is illustrated in Figure 8-20.

Figure 8-20 : Removing a Subgroup

Users Menu

The basic premise of managing access to your network using CiscoSecure UNIX Server software is managing individual users. For groups to be useful, you must be able to identify users when they log in to your network. So you need to define relevant information, such as privileges, about these users before they log in.

You can use the Users menu to create new users and edit existing users in the AA database. Table 8-4 summarizes the items in the Users menu.

Table 8-4 : Users Menu

Menu Item	Purpose
Create User	Create a new user
Edit User Attributes	Edit the attributes of a selected user

Create User

To add a user to an existing group, you need to give the user a name and specific attributes. Take the following steps to create a new user, in this example, newbee, in the "network" group:

Step 1 Select the "network" group by clicking on its icon.

Step 2 Select Create User from the Users menu. You the "Name for new user" dialog box opens.

Step 3 Enter the name newbee in the text field and click on OK or press Return. The User Create screen opens. (See Figure 8-21.)

The settings of the new user will be displayed on the left and the buttons on the right reference attributes you can set, together with their keyboard shortcuts or function keys.

Figure 8-21 : User Create Screen

You now have to give the user newbee some attributes which are described in the following sections.

Default Service

To set the default service attribute for newbee, click on Default Service or press the F-1 function key. The information shown in Figure 8-22 appears in the portion of the AA database that is displayed.

Figure 8-22 : User Create: Default Service

Choices for the default service of a user are as follows:

• Permit (F-1)
  

• Deny (F-2)
  

Click on your selected choice to display it in the AA database window. For example, newbee's default service is permit (see Figure 8-23).

Figure 8-23 : User Create: Default Service = Permit

When you have selected the default service, the buttons on the right are available again so you can set the rest of the attributes for the new user.

Default Attribute

To set the default attribute for newbee, click on Default Attribute or press the F-2 function key. Choices for the default attribute are as follows:

• Permit (F-1)
  

• Deny (F-2)
  

Click on your selected choice to display it in the AA database window.

Expires

You can set a date when a new user's account will expire. Click on Expires or press the F-3 function key. Enter the date in the format DD MMM YY in the dialog box and press Return.

The dialog box shown in Figure 8-24 opens.

Figure 8-24 : Date Dialog Box

Service

You can set up specific service authorizations for new users. Choices for service authorization are as follows:

• PPP (F-1)---Point-to-Point Protocol. Includes the protocol authorizations for PPP service.
  

• SLIP (F-2)---Serial Line Internet Protocol. Includes the protocol authorizations for SLIP service.
  

• Shell (F-3) Includes the protocol authorizations for shell service.
  

• Other (F-4)---Allows custom authorizations for service.
  

Click on Service or press the F-4 function key. The window shown in Figure 8-25 opens.

Figure 8-25 : User Create: Service

PPP

When you select PPP, the choices for service are as follows (see Figure 8-25):

• Protocol (F-1)
  

• PPP Attribute (F-2)
  

• Default Protocol (F-3)
  

• Default Attribute (F-4)
  

• Finished (Esc)
  

Figure 8-26 : Defining PPP Service

To set the appropriate protocol, click on Protocol, or press the F1 function key. Enter the appropriate string---for example, ip or ipx---in the dialog box that opens (see Figure 8-27) and press Return.

Figure 8-27 : String Dialog

The buttons on the right will change to give you the following additional choices: attribute, default attribute, and finished.

• Attribute (F-1)
  

When you click on PPP Attribute, the keyword "set" appears in the AA database file, and the buttons indicate two choices: optional string and string.

• Optional String (F-1)
  

When you click on Optional String, the string dialog box reopens. Enter the string you want and press Return. The string you enter appears in the AA database file with an equal sign appended. The value dialog box opens for you to enter a value to assign to the string. When you have entered a value, it is shown in the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

Until (F-2)

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file.

set optional addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished the initial protocol window opens and you can set another attribute or default.

• String (F-2)
  

When you click on String, the string dialog box reopens. Enter the string you want and press Return. The string you enter appears in the AA database file with an equal sign appended. The value dialog box opens for you to enter a value to assign to the string. When you have entered a value, it is shown in the AA database file and the buttons on the right change as follows:

• From (F-1)
  

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

• Until (F-2)
  

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file.

set addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

• Finished (Esc)
  

When you click on Finished the initial protocol window opens and you can set another attribute or default.


• Default Attribute (F-2)
  

Click on Default Attribute to set the default attribute for the specified user to one of the following two choices:

• Permit (F-1)
  

Allows any attributes for the specified service.

• Deny (F-2)
  

Sets the default to deny for any attributes so you have to explicitly set any attributes the user needed.

• Finished (Esc)
  

  When you click on Finished, the buttons on the right change to display the Time Qualifier option. Click on the Time Qualifier button to display buttons listing each day of the week plus Any, as shown in Figure 8-28.
  

Figure 8-28 : User Create: Time Qualifier

When you click on a day or Any, it is displayed in the AA database file, and the Finished button appears on the right. You can enter any combination of days for this service. When you click Finished, a Time dialog box opens (see Figure 8-29) and you must enter the valid start time corresponding to the time on that particular day (or days) that the service is available. Enter the start time in the form 0000--2359, and press Return. Another Time dialog box opens; you should enter the time until which this service is valid.

Figure 8-29 : Time Dialog

When you click on PPP Attribute, the keyword set appears in the AA database file and the buttons indicate two choices, optional string and string.

• Optional String (F-1)
  

Click on Optional String, enter the string you want in the string dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:


From (F-1)


Click on From to open the Date dialog box and specify the date from which this attribute is valid.


Until F-2)


Click on Until to open the Date dialog box and specify the date until which the service will be valid.


You will then see information like the following displayed in the AA database file.

set optional addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

• String (F-2)
  

Click on String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

Until (F-2)

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file.

set addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

When you click on Default Protocol, you have the following choices:

• Permit (F-1)
  

• Deny (F-2)
  

When you click on Default Attribute, you have the following choices:

• Permit (F-1)
  

• Deny (F-2)
  

Finished

When you click on Finished, the Time Qualifier screen opens. When you click on a day or Any, the result is displayed in the AA database file, and the Finished button appears on the right. You can enter any combination of days for this service. When you click Finished, a Time dialog box opens (see Figure 8-29) and you must enter the valid start time corresponding to the time on that particular day (or days) that the service is available. Enter the start time in the form 0000--2359, and press Return. Another Time dialog box opens; you should enter the time until which this service is valid.These settings apply to all the PPP service settings and are optional.

SLIP

When you select SLIP, the choices for service are as follows:

• SLIP Attribute (F-1)
  

• Default Attribute (F-2)
  

• Finished (Esc)
  

When you click on Attribute, the keyword set appears in the AA database file and the buttons indicate two choices, optional string and string.

• Optional String (F-1)
  

Click on Optional String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:


From (F-1)


Click on From to open the Date dialog box and specify the date from which this attribute is valid.


Until (F-2)


Click on Until to open the Date dialog box and specify the date until which the service will be valid.


You will then see information like the following displayed in the AA database file:

set optional addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

• String (F-2)
  

Click on String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

Until (F-2)

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file:

set addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

When you click on Default Attribute, you have the following choices:

• Permit (F-1)
  

• Deny (F-2)
  

When you click on Finished, the Time Qualifier screen opens. When you click on a day or Any, it is displayed in the AA database file, and the Finished button appears on the right. You can enter any combination of days for this service. When you click on Finished, a Time dialog box opens (see Figure 8-29) and you must enter the valid start time corresponding to the time on that particular day (or days) that the service is available. Enter the start time in the form 0000--2359, and press Return. Another Time dialog box opens; you should enter the time until which this service is valid.These settings apply to all the SLIP service settings and are optional.

Shell

When you select shell, the choices for service are as follows (see Figure 8-30:

• Command (F-1)
  

• Shell Attribute (F-2)
  

• Default Command (F-3)
  

• Default Attribute (F-4)
  

• Finished (Esc)
  

Figure 8-30 : User Create: Service = Shell

When you click on Command, cmd = appears in the AA database file and the String dialog box (see Figure 8-27) opens. When you enter your command string and press Return, the buttons indicate the following choices:

• Permit (F-1)
  

When you click on Permit, the Quoted String dialog box (see Figure 8-31) opens.

Figure 8-31 : Quoted String Dialog

Enter the command you want to permit and press Return. Quotes will be placed around the string automatically.

• Deny (F-2)
  

When you click on Deny, the Quoted String dialog box (see Figure 8-31) appears. Enter the command you want to deny and press Return. Quotes will be placed around the string automatically.

• Attribute (F-3)
  

When you click on Attribute, the keyword "set" appears in the AA database file, and the buttons indicate two choices: optional string and string.

Optional String (F-1)

When you click on Optional String, the string dialog box reopens. Enter the string you want and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

Until (F-2)

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file.

set optional addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

• Finished (Esc)
  

When you click on Finished the initial protocol window opens screen and you can set another attribute or default.


String (F-2)


Click on String, enter the string you want, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you to enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:


From (F-1)


Click on From to open the Date dialog box and specify the date from which this attribute is valid.


Until (F-2)


Click on Until to open the Date dialog box and specify the date until which the service will be valid.


You will then see information like the following displayed in the AA database file:

set addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

• Default Attribute (F-4)
  

Click on Default Attribute to set the default attribute for the specified user to one of the following two choices:


Permit (F-1)


Allows any attributes for the specified service.


Deny (F-2)


Sets the default to deny for any attributes; therefore, any attributes permitted must be explicitly specified.


• Default Command (F-5)
  

Click on Default Command to set the default command for the specified user to one of the following two choices:


Permit (F-1)


Deny (F-2)


• Finished (Esc)
  

When you click on Finished, the Time Qualifier screen opens. When you click on a day or Any, it appears in the AA database file, and the Finished button appears on the right. You can enter any combination of days for this service. When you click on Finished, a Time dialog box opens (see Figure 8-29) and you must enter the valid start time corresponding to the time on that particular day (or days) that the service is available. Enter the start time in the form 0000--2359, and press Return. Another Time dialog box opens; you should enter the time until which this service is valid.These settings apply to all of the commands and are optional.

When you click on Attribute, the keyword set appears in the AA database file and the buttons indicate two choices, optional string and string.

• Optional String (F-1)
  

Click on Optional String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:


From (F-1)


Click on From to open the Date dialog box and specify the date from which this attribute is valid.


Until (F-2)


Click on Until to open the Date dialog box and specify the date until which the service will be valid.


You will then see information like the following displayed in the AA database file:

set optional addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

• String (F-2)
  

Click on String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The value dialog box opens for you to enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

• Until (F-2)
  

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file.

set addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

• Finished (Esc)
  

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

When you click on Default Command, the keywords default command = appear in the AA database file and you have the following choices:

• Permit (F-1)
  

• Deny (F-2)
  

When you click on Default Attribute, you have the following choices:

• Permit (F-1)
  

• Deny (F-2)
  

Finished

When you click on Finished, the Time Qualifier screen opens. When you click on a day or Any, it appears in the AA database file, and the Finished button appears on the right. You can enter any combination of days for this service. When you click Finished, a Time dialog box opens (see Figure 8-29) and you must enter the valid start time corresponding to the time on that particular day (or days) that the service is available. Enter the start time in the form 0000--2359, and press Return. Another Time dialog box opens; you should enter the time until which this service is valid. These settings apply to all of the command settings and are optional settings.

Other

When you click on Other, you can define your own custom commands by entering the string in the dialog box that corresponds to the appropriate service, and pressing Return.

The buttons on the right change to indicate the following choices:

• Attribute (F-1)
  

Click on attribute, the keyword set appears in the AA database file and the buttons indicate two choices:

• Optional String (F-1)
  

Click on Optional String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you to enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

Until (F-2)

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA database file.

set optional addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

• String (F-2)
  

Click on String, enter the string you want in the dialog box, and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons on the right change as follows:

From (F-1)

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

Until (F-2)

Click on Until to open the Date dialog box and specify the date until which the service will be valid.

You will then see information like the following displayed in the AA:database file:

set addr = 131.108.13.3 from "25 Jan 96" until "25 Mar 96"

Finished (Esc)

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

• Default Attribute (F-2)
  

When you click on Default Attribute, you have the following choices:

• Permit (F-1)
  

This will allow any attributes for the specified service.

• Deny (F-2)
  

This will set the default to deny for any attributes so you have explicitly set any attributes the user needs.

• Finished (Esc)
  

When you click on Finished the initial protocol window opens and you can set another attribute or default.

• Finished (Esc)
  

When you click on Finished, the Time Qualifier screen opens. When you click on a day or Any, it is displayed in the AA database file, and the Finished button appears on the right. You can enter any combination of days for this service. When you click on Finished, a Time dialog box opens (see Figure 8-29) and you must enter the valid start time corresponding to the time on that particular day (or days) that the service is available. Enter the start time in the form 0000--2359, and press Return. Another Time dialog box opens; enter the time until which this service is valid. These settings apply to all of the Other service settings and are optional.

Password

Click on Password to specify the type of password support you want for the user or group you have selected.When you click on Password or press the F-5 function key, the information shown in Figure 8-32 appears.

Figure 8-32 : Password Screen

The following choices are available:

• File (F-1)
  

Opens the string dialog box so you can specify what file CiscoSecure UNIX Server software should use to find your password.

• Skey (F-2)
  

Tells CiscoSecure UNIX Server software to use skey, a one-time password generator.

• System (F-3)
  

Tells CiscoSecure UNIX Server software to use the default system password mechanism.

• Shadow (F-4)
  

• No Password (F-5)
  

Tells CiscoSecure UNIX Server software that no password is required for the selected user to log in.

• DES (F-6)
  

Tells CiscoSecure UNIX Server software to use DES. When you select this option, the String dialog box opens and you can specify the password to be used for the current user.

• CHAP (F-7)
  

Tells CiscoSecure UNIX Server software to use the Challenge Handshake Authentication Protocol. When you select this option, the Quoted String dialog box opens and you can specify the password to be used for the current user.

• ARAP (F-8)
  

Tells CiscoSecure UNIX Server software to use the AppleTalk Remote Access protocol. When you select this option, the Quoted String dialog box opens and you can specify the password to be used for the current user.

• PAP (F-9)
  

Tells CiscoSecure UNIX Server software to use the Password Authentication protocol. When you select this option, the Quoted String dialog box opens for you to specify the password to be used for the current user.

• Clear (F-10)
  

Tells CiscoSecure UNIX Server software to use the cleartext passwords. When you select this option, the Quoted String dialog box opens and you can specify the password to be used for the current user.

All these choices allow you to specify From and Until dates for use with each password scheme.

Privilege

Privilege means the level of service users have access to if they submit the appropriate password. The choices for privilege are those listed earlier in this chapter in the section "Password" (see Figure 8-32) but with an additional argument that corresponds to the privilege level (see Figure 8-33).

Figure 8-33 : User Create: Privilege

When you have selected the password type, the Value dialog box (see Figure 8-34) opens and you can enter the privilege level (0--15) that applies.

Figure 8-34 : Value Dialog

Preprocess

Click on Preprocess in the User Create window to open the Quoted String dialog box and enter the name of the function to be invoked before user authorization. You can then specify From and Until dates for use with that particular preprocessing scheme.

Postprocess

Click on Postprocess in the User Create window to open the Quoted String dialog box and enter the name of the function to be invoked after user authorization. You can then specify From and Until dates for use with that particular postprocessing scheme.

User Attributes

When you click on User Attributes in the User Create window, the keywords set = appear in the AA database and the string dialog box opens. Enter the string and press Return. The string you enter appears in the AA database file with an equal sign appended to it. The Value dialog box opens and you enter a value to assign to the string. When you have entered a value, it appears in the AA database file and the buttons indicate the following choices:

• From (F-1)
  

Click on From to open the Date dialog box and specify the date from which this attribute is valid.

• Until F-2)
  

Click on Until to open the Date dialog box and specify the date until which the attribute will be valid.

• Finished (Esc)
  

When you click on Finished, the initial protocol window opens and you can set another attribute or default.

Edit User Attributes

To change the attributes of users, select the user you want to edit (see Figure 8-35), and select Edit User Attributes from the Users menu.

Figure 8-35 : Selecting a User

The User Edit window opens (see Figure 8-36).

Figure 8-36 : Edit User Attributes

Click in the AA database window on the line you want to edit. The editable portions of the AA database file appear in blue and a red marker indicates what line you are on. Depending on the line you have selected, the top buttons on the right change to display the editable portion of that line. Click on the button of the value you want to change. Lower buttons on the right display Insert Before (F-9), Insert After (F-10), Delete (F-11), and Undo (F-12). Click on the corresponding button to insert a new line before or after the current line, or to delete the current line (see Figure 8-37). Click Undo to cancel the last edit.

Figure 8-37 : Editing User Attributes

When you click on Undo, the upper buttons indicate the following choices (see Figure 8-38):

• More Undo (F-1)
  

When you click on More Undo, you advance one Undo command among your existing history of undo commands.

• Less Undo (F-2)
  

When you click on Less Undo, you move back one Undo command among your existing history of undo commands.

• Apply Undo (F-3)
  

When you click on Apply Undo, the specified Undo command is executed, and clears the current record of your Undo commands..

• Abort Undo (F-4)
  

• When you click on Abort Undo, the last Undo command you specified is canceled.
  

Figure 8-38 : User Edit Window with Undo Options

The GUI keeps track of all your "do" and "undo" commands until you click Apply.

For example, if newbee's password is clear "foo" and you want to change it, you click on foo and enter a new string "bar" in the string dialog. Then you want to undo that change. You click on Undo and it changes back to "foo." If you click Less Undo, it changes back to "bar." If you click More Undo at this point, the password reverts back to "foo." Once you click on Apply Undo, the most recent change you specified is executed and you return to the User Edit window where you can make other changes as your needs determine.

However, if you click Abort Undo, rather than Apply Undo, "bar" would remain the password, and then you would return to the User Edit window.

Now click on "bar," change it to "char." Then click on Undo. You return to the Undo screen and the password changes back to "bar." If you click More Undo, it goes back to foo. If you click Less Undo, it goes to "char." The More Undo and Less Undo commands allow you to traverse a list of undo options. As long as you don't "apply" them, you can undo infinitely.

Info Menu

The menu option in the Info menu is Version. When you select Version, you see the CiscoSecure UNIX Server splash screen.

Copyright 1988-1996 © Cisco Systems Inc.