HTTP¶

This chapter contains an example of a basic Wheel Fudo PAM configuration, to monitor HTTP access to a remote server. In this scenario, the user browses resources of the monitored server using a web browser. The user is authenticated by Wheel Fudo PAM against the local user database. The connection will timeout after 15 minutes (900 seconds) and the user will have to login again to continue browsing the server’s contents.

Prerequisites¶

The following description assumes that the system has been already initiated. For more information on the initiation procedure refer to the System initiation topic.

Configuration¶

Adding a server

Server is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.

Select Management > Servers.
Click Add.

Provide essential configuration parameters:

Parameter	Value
Genera
Name	`http_server`
Blocked
Protocol	`HTTP`
HTTP timeout	`900`
Enable SSLv2 support
Enable SSLv3 support
Description

Permissions
Granted users

Destination host
Address	`www.wheelsystems.com`
Port	`80`
HTTP host

Click Save.

Adding a user

User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.

Select Management > Users.
Click Add.

Provide essential user information:

Parameter	Value
Login	`john_smith`
Blocked
Account validity	`Indefinite`
Role	`user`
Preferred language	`English`
Full name	`John Smith`
Email	`john@smith.com`
Organization
Phone
AD Domain
LDAP Base
Permissions
Granted users
Connections
Connections
Authentication
Type	`Password`
Password	`john`
Repeat password	`john`

Click Save.

Adding a listener

Listener determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.

Select Management > Listeners.
Click Add.

Provide essential configuration parameters:

Parameter	Value
General
Name	`http_listener`
Blocked
Protocol	`HTTP`
Enable SSLv2 support
Enable SSLv3 support

Permissions
Granted users

Connection
Mode	`proxy`
Local address	`10.0.150.151`
Port	`8080`
Use TLS

Click Save.

Adding an account

Account defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.

Select Management > Accounts.
Click Add.

Provide essential configuration parameters:

Parameter	Value
General
Name	`admin_http_server`
Blocked
Type	`forward`
Session recording	`all`
OCR sessions
Delete session data after	`61` days

Permissions
Granted users

Server
Server	`http_server`

Credentials
Replace secret with	`with password`
Password
Repeat password

Click Save.

Defining a safe

Safe directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.

Select Management > Safes.
Click Add.

Provide essential configuration parameters:

Parameter	Value
General
Name	`http_safe`
Blocked
Login reason
Notifications
Policies
Users	`john_smith`

Protocol functionality
RDP
SSH
VNC

Accounts
`admin_http_server`	`http_listener`

Click Save.

Connecting to remote resource¶

Launch a web browser.
Go to the 10.0.150.151:8080 web address.
Enter user login and password and press the [Enter] key or click the Login button.

Continue browsing the website.

Viewing user session¶

Open a web browser and go to the Wheel Fudo PAM administration page.
Enter user login and password to log in to Wheel Fudo PAM administration panel.

Select Management > Sessions.
Click Active.
Find John Smith’s session and click i.

Related topics: