Telecom and Logistics Associates

Network and Security Company
TLA
About Us
Home
FLApro
Jobjects
Consulting
Learning Center
FW-1 FAQ
 
TLAnews
Search
 
 

TLAflash Registration
 
Tech Doc
Archive
Advertising
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Jclntauth automates authentication to Firewall-1

 

Since 2 years we are internally working with a tool called jclientauth. This tool allows us to automate authentication on firewalls from Checkpoint or from Nokia. We use it either on Windows XP/2000, on Linux or on Solaris. This tool has been developped by TLA to allow processes that need to access other ressources on Internet to pass through the authentication mechanism needed by a firewall. 

The kind of tasks that can be automated with the tool are anti-virus updates, access for spider engines, automation of FTP accesses, backup tasks. In short any task that a process realises without the intervention of a user.

With Jclntauth you also simplify authentication procedure for users. You can propose different configuration to authenticate on different firewalls. This is for example usefull in our work at different customer location. For each customer we have a configuration file, this allows us a quick and easy authentication without reducing security.

License
This tool can be downloaded for a personnal usage limited to one exemplar. It cannot be transmitted in any form. For a commercial usage or for several systems installed with our software a license must be purchased from TLA. 

Installation

The program is written in Java and as such needs a java environment. On certain systems the java environment might not be present. You will need to install the JRE environment from SUN.

http://java.sun.com

Define a directory where you want to install jclntauth

 

Configuration
First of all the configuration will contain sensible information. As such it must be protected by the operating system security mechanism. This means that the only user allowed to have a read permission on this file must be the automated process. A configuration file must be provided to the tool in order to know IP address of the firewall, username and password as well as the action to perform. By action we mean that the process can be authorized or that it can be deauthorized. The configuration file must be placed in the same directory as is jclntauth. below is the content of the configuration file called tst
url=http://194.191.78.17:900
username=toto
password=titi
action=1

Usage

java -jar jclntauth.jar -f tst

 

Configuration for authorization and deauthorization

In this context we have 2 configuration files, that are called on and off. Jclntauth will use take once on as parameter and the other time it will take off as parameter.

ON

url=http://194.191.78.17:900
username=toto
password=titi
action=1

OFF

url=http://194.191.78.17:900
username=toto
password=titi
action=2

 

Utilization

java -jar jclntauth.jar -f on 

do_ something

java -jar jclntauth.jar -f off

 

 

Process automation under Windows

To automate a process you will find here below 2 small scripts that will perform authorization and deauthorization under Windows. Jclntauth is installed in directory C:\bin\jclntauth

jon.bat

ECHO OFF
echo %1
set location=%cd%
cd C:\bin\jclntauth
java -jar jclntauth.jar -f on %1
cd /D %location%

 

joff.bat

ECHO OFF
echo %1
set location=%cd%
cd C:\bin\jclntauth
java -jar jclntauth.jar -f off %1
cd /D %location%

Process automation under Unix

Under Unix the program is called in the same way. Scripts can be added to ease uage of the tool.

Multiples firewalls 

You will have several configuration files, one for each firewall. If a specific configuration file is prepared for a specific firewall you will call the tool with

java -jar jclntauth.jar -f  conf_file_specific_firewall_on

and

java -jar jclntauth.jar -f  conf_file_specific_firewall_off

Travelling user.

Mobile users if they always authenticate to the same firewall, they are in a single firewall configuration mode. If a travelling user is chnaging locations and as such changes the firewall through which he has to authenticate, then he must behave as described in section about multiples firewall.

 

Download

    size
Windows 2000/XP/.Net jclntauth.zip  
Unix jclntauth.tar.Z  

Download Java environment

To download the JRE follow the link below.

http://java.sun.com/j2se/1.4.1/download.html

 


353

 

Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: novembre 14, 2006 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.

   
 
 
 
 
 
 Publications
  
 Christian ALT  
      
   
Translate this page from:
 
 
French Summary

Jclntauth est un outil qui permet d'automatiser la tâche d'authentification sur un firewall Checkpoint ou Nokia. Il est destiné à l'automatisation de processus. C'est à dire que si une tâche a besoin d'accèder à Internet et qu'elle doive passer par un firewall qui demande une  authentification elle sera bloquée. Jclntauth permet d'automatiser la procédure d'authentification.

L'outil permet également de simplifier les authentifications répétitives d'un individu.

Nous utilisons cet outil sous Windows XP/2000/.Net, sous Linux et sous Solaris. Nous avons ainsi automatisé la mise à jour de nos anti-virus, des accès de nos aspirateurs web et des tâches de sauvegarde.

Le même outil fonctionne dans ces différents environments.