HP-UX AAA Server A.07.01 Administrator's Guide
Example 25-1 An example of a policy file that restricts Session-Timeout to one hour for
guests, removes unwanted attributes, and provides administrative privileges to
administrators
# Guests have a session-timeout of one hour. Normal users
# have 5 hours.
if (substr (User-Name after "@") = "guest.example.com")
{
insert Session-Timeout = 3600
} else
{
insert Session-Timeout = 18000
}
if( NAS-IP-Address = "192.168.0.1")
{
# Delete Filter-Id for NASes that do not support it.
delete Filter-Id
}
if( User-Name = "admin")
{
# Modify Service-Type to provide administrative privileges.
modify Service-Type = "Administrative"
}
This section describes the syntax and usage of the various commands. It also explains
how to specify attributes and values. This section discusses the following topics:
• “Action Commands.”
• “Attribute Specifications” (page 293)
• “Value Types” (page 301)
• “Supported Operators” (page 302)
• “Type Compatibility” (page 303)
Action Commands
A decision file contains a series of action commands that specify the action to be
performed by the policy. Following are the action commands that you can specify:
• “The delete Command.”
• “The insert Command.”
• “The modify Command” (page 289)
• “The exit Command” (page 290)
• “The log Command” (page 290)
• “The if Command” (page 291)
The following sections discuss these action commands in detail.
Defining a Policy in a Decision File 285