Specifications
4-25
SET/DEFINE/CHANGE Commands
Description
The SET/DEFINE/CHANGE REALM command family sets up and tears down
the various realms used to identify particular administrative domains. These are
privileged commands.
Keywords
SECRET
The SECRET clause is used to specify a secret that the Access Server shares with
security servers from the realm. The Access Server software associates no default
secret with any realm.
HOST
The HOST clause associates a host with a realm. The Access Server software will
use this host to resolve authentication requests. The Access Server software will
accept either a domain name or an IP address as a host identifier. The PRIMARY
keyword indicates that the Access Server software should give first priority to this
host, (that is, it should begin all new authentication requests with this host). The
default is NOPRIMARY. A realm can have only one primary host.
INCLUDE/NOINCLUDE
The INCLUDE/NOINCLUDE clause (supported for RADIUS only) indicates
whether or not to include the realm name as part of the user ID. The default is
NOINCLUDE. This option exists as a convenience to the security administrator.
The clauses ACCESS, PERMISSIONS, CALLBACK, DIALBACK NUMBER,
DIALOUT NUMBER, DIALOUT SERVICE, and MAX CONNECT specify the
default authorization for users authenticated, but not otherwise authorized,
within the realm. The Access Server software provides default values for these
categories of information when the authentication service fails to provide them.
The NUMBER clause applies to both dialout and dialback (or callback) types of
access, and is most meaningful if it is a number mask, (that is, contains an element
of wildcarding). Specific, fully qualified telephone numbers do not make sensible
realmwide default values.
{
2
2
{
] [
[
....
{
2
2
{
] ( [
PERMISSIONS
)
]