3. Installing the Zorp Authentication Agent (Satyr)

This section describes the installation and configuration of the authentication agent on Microsoft Windows and Debian GNU/Linux platforms. The authentication agent has to be installed on every computer having access to authenticated services. The agent has two components:

  1. Satyr Multiplexer: A daemon running in the background, accepting the connections coming from Zorp and verifying the SSL certificates of Zorp (if the communication is encrypted). In a multi-user environment, the Multiplexer displays the dialog of the Satyr Client on the desktop of the user initiating a connection that requires authentication.

  2. Satyr Client: This application collects the information required for the authentication, e.g. the username, authentication method, password, etc.

The installers automatically install both components. The components require approximately 5 MB of free hard disk space.

3.1. Installation on Microsoft Windows platforms

Zorp Authentication Agent (Satyr) supports the Windows 2000 and Windows XP operating systems. The installer is located in the \windows\satyr\ folder of the Zorp CD-ROM; its latest version is also available from the BalaBit website (http://www.balabit.hu).

  1. Place the Zorp CD-ROM into the CD drive and start the satyr-setup.exe file located in the \windows\satyr\ folder.

    Warning: Administrator privileges are required to install the application.

  2. Select the language of the installer (English / Hungarian).

  3. Accepting the EULA

    Figure 6. Accepting the EULA

    After the installer starts, the End-User License Agreement is displayed. Accept it by clicking I agree. The installation can be aborted at any time during the process by clicking Cancel.

  4. Selecting the destination folder

    Figure 7. Selecting the destination folder

    Select the destination folder for the application and click Install. The default folder suggested by the installer is C:\Program Files\Satyr Client.

  5. Copying the files

    Figure 8. Copying the files

    The installer copies the required files and registers a service called Satyr Multiplexer, which is started after the registration. Details about the copied files can be displayed by clicking Show details.

  6. Importing the CA certificate

    Figure 9. Importing the CA certificate

    Optional step: If the authentication agent and Zorp communicate via an SSL-encrypted channel (recommended), the certificate of the Certificate Authority (CA) signing the certificates of the Zorp firewalls can be imported to the authentication agent. Click Browse, select the CA certificate to import, then click Close.

    Note: The CA certificate has to be in DER format. It is not necessary to import the certificate during the installation; it can also be done later. For details about encrypting the agent-Zorp authentication see Section 4.1.3, “Configuring SSL connections (Windows)”.

  7. After the installer has completed the above steps, click Close.

  8. The Zorp Authentication Agent (Satyr) logo is displayed on the system tray, indicating that the application is running. It is also started automatically after each Windows startup.

3.2. Installation on Debian GNU/Linux platforms

This section describes the installation of the Zorp Authentication Agent on Debian GNU/Linux operating systems.

Procedure 4. Upgrading apt

  1. As a first step, the apt package manager has to be upgraded to support HTTPS connections.

    1. On Debian Sarge distribution add the following line to the /etc/apt/sources.list file:


      deb http://apt.balabit.hu/zorp-gpl-os debian-sarge/apt-sarge sarge-backport
                      

      On Debian Woody distribution add the following line to the /etc/apt/sources.list file:


      deb http://apt.balabit.hu/zorp-gpl-os debian-woody/apt-woody woody-backport
                      

    2. Issue the following commands as root:


      apt-get update
      apt-get install apt
                      

    3. Download the CA certificate of the apt.balabit.hu server from the following address:

      http://www.netlock.hu/index.cgi?ca=uzleti&lang=HU&tem=ANONYMOUS/kulcsjegyzok/adatok.tem

    4. Select Save into file from the combobox located next to the button labeled Certificate Authority certificate, then click on the button. Save the index.cgi file (e.g. into /tmp/index.cgi), rename it to balabit.crt and copy it into the /etc/ssl/certs directory. To accomplish this, issue the following command as root:


      cp /tmp/index.cgi /etc/ssl/certs/balabit.crt
                      

      Note: If this directory does not exist, install the openssl package by issuing the apt-get install openssl command as root.

    5. Create a symlink called /etc/ssl/certs/5a5372fc.0 pointing to the /etc/ssl/certs/balabit.crt file:


      ln -s /etc/ssl/certs/balabit.crt /etc/ssl/certs/5a5372fc.0
                      

    6. Completing the above step concludes the updating of apt.

  2. Install the authentication agent.

    1. On Debian Sarge distribution add the following line to the /etc/apt/sources.list file:


      deb https://username:password@apt.balabit.hu/zorp-os debian-sarge/3.0 common common-gpl satyr common sarge-backport
                      

      On Debian Woody distribution add the following line to the /etc/apt/sources.list file:


      deb https://username:password@apt.balabit.hu/zorp-os debian-woody/3.0 common common-gpl satyr common
                      

      Note: Replace username and password with your username and password received from BalaBit IT Security.

    2. Issue the following commands as root:


      apt-get update
      apt-get install satyr
                      

      The above commands install the satyr (Satyr client) and the satyr-mpxd (Satyr Multiplexer) packages.

    3. The Multiplexer is automatically started after the installation. It can be stopped or started by issuing the /etc/init.d/satyr-mpxd command with the stop or start parameters, respectively.

    4. The client is launched when X11 is started. It is important that it has to be started manually by running satyr-gtk.
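
The check below is an added example, not part of the original BalaBit procedure: it vets the file saved in steps 1.3 to 1.5 of Procedure 4 before it becomes a trust anchor for apt, since the download address is plain HTTP. The function names are hypothetical, and the expected fingerprint is assumed to come from a channel other than that download.

```shell
#!/bin/sh
# Added example: vet a downloaded CA file before it becomes an apt trust anchor.

# Print PEM or DER; fail if the file is not an X.509 certificate
# (for example an HTML page saved as index.cgi).
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        fmt=PEM
    else
        fmt=DER
    fi
    openssl x509 -in "$1" -inform "$fmt" -noout 2>/dev/null || return 1
    echo "$fmt"
}

# SHA-256 fingerprint, for comparison with a value obtained out of band.
cert_fingerprint() {
    fmt=$(cert_format "$1") || return 1
    openssl x509 -in "$1" -inform "$fmt" -noout -fingerprint -sha256 | cut -d= -f2
}

# Link name the installed OpenSSL looks up in a certificate directory.
# OpenSSL 1.0.0 changed the subject-hash algorithm, so compute the name
# with the local binary instead of typing a fixed one.
cert_link_name() {
    fmt=$(cert_format "$1") || return 1
    echo "$(openssl x509 -in "$1" -inform "$fmt" -noout -hash).0"
}

# install_ca FILE EXPECTED_FINGERPRINT CERTDIR NAME
# Returns 1 if FILE is not a certificate, 2 on fingerprint mismatch.
install_ca() {
    fp=$(cert_fingerprint "$1") || { echo "not a certificate: $1" >&2; return 1; }
    [ "$fp" = "$2" ] || { echo "fingerprint mismatch: $fp" >&2; return 2; }
    fmt=$(cert_format "$1") || return 1
    # Store as PEM, the encoding OpenSSL reads from a hashed directory.
    openssl x509 -in "$1" -inform "$fmt" -outform PEM -out "$3/$4" || return 1
    link=$(cert_link_name "$3/$4") || return 1
    ln -sf "$4" "$3/$link"
}
```

Called as root in the form install_ca /tmp/index.cgi "<fingerprint obtained out of band>" /etc/ssl/certs balabit.crt, it replaces the cp and ln -s commands of steps 1.4 and 1.5.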


© 2006 BalaBit IT Security