Manualshelf

HP-UX AAA Server A.07.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
401402403404405406407408409410
Examples
The following examples are syntactically valid A-V pair lists:
Password = "rock", Service-Type = "Framed", Comment = "This is OK"
Password =rock Service-Type =Framed Comment ="This is OK"
The following examples are not syntactically valid A-V pair lists:
Password="rock"Service-Type="Framed"Comment="This is not OK"
Password= rock Service-Type= Framed Comment= This is not OK
Tagged Attributes
A RADIUS message can include multiple values for one or more attributes that are
tagged to organize the attributes into defined groups. Depending on its capabilities, a
client or server can selectively use one set of tagged attributes. For example, an
Access-Accept can contain several different tunnel definitions. If it supports tagged
attributes, the client can select the definition to use. Tagged attributes can be used as
check or reply items.
Tagged attributes follow the syntax:
Attribute=:Tag:Value
Attribute: The attribute to tag.
Tag: A unique integer (less than 32) that identifies what set
this attribute belongs to.
Value: The attribute value.
For example, Tunnel-Type =:1:PPTP indicates an attribute value of PPTP that
belongs to a larger set of attributes, all tagged with 1, that collectively define one type
of tunnel that might be established for a user.
IMPORTANT: Some NASs do not support tagged attributes. HP recommends that
when you return multiple tunnel definitions to a client, you have at least one set of
attributes that is untagged or tagged with a 0 value, so that there is a tunnel definition
available to a client that does not support tags.
Attributes in User Profiles
The following attributes can be used to establish the authorization rules for a user
profile. Authorization determines the following:
The services and network resources that the user can access
The services that the user can access
The time duration that the user can access the network
The attributes in a user profile may act a configuration, check (and deny), or reply item.
Some attributes may act as both a check and reply items.
Attributes in User Profiles 401