Manualshelf

HP-UX AAA Server A.07.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
301302303304305306307308309310
the first step in the FSM, before the request is dispatched for processing. The request
ingress policy can be used to alter the request in one of the following ways:
A-V pairs may be added, changed, or removed.
The request classification may be altered.
The request may be rejected immediately.
The request may be dropped entirely and no reply is sent.
Figure 25-1 (page 305) illustrates the flow of the request ingress policy.
Figure 25-1 Flow of the Request Ingress Policy
User Policy
After authentication, all requests are subjected to user policy. The user policy is applied
only after successful authentication. A user policy can be specified in a Policy-Pointer
attribute on the request, either as a check item or a reply item.
If the Policy-Pointer attribute is found in the check items, then the HP-UX AAA Server
does not look for one in the reply items. The value of the Policy-Pointer attribute must
specify the URL for the decision file to be evaluated.
If a request contains a Policy-Pointer attribute, either as a check item or a reply item,
the specified policy is applied.
If the request does not contain a Policy-Pointer, then no user policy is applied. In this
case, the POLICY action returns an ACK event to the FSM.
Figure 25-2 illustrates the flow of the user policy.
Invoking a Policy 305