HP-UX AAA Server A.08.02 Administrator's Guide
5. The client request egress policy is invoked. In this step the policies configured in /etc/opt/
aaa/client-request-egress.grp are executed. This policy file can be used to insert,
modify and delete attributes from the dynamic authorization request.
6. ReplySend AATV is invoked. The dynamic authorization request is sent to the target host by
the ReplySend AATV. Subsequently, the request waits for a response. If the request is timed
out, it is retransmitted based on the configured retransmission interval and the maximum
number of retransmissions.
7. If there is no response after the configured maximum number of retransmissions are done, the
SQL Access AATV is invoked. The SQL Access AATV executes the SQL action set in the
attribute Client-Request-Timeout-ActionId. This SQL action will update the database
row to indicate that the dynamic authorization request timed out.
8. If a response is received for the dynamic authorization request, the client reply ingress policy
is invoked. In this step the policies configured in /etc/opt/aaa/
client-reply-ingress.grp are executed. Through this policy the SQL action to be used
to update the database table based on the response type, must be set in the attribute
Client-Request-Cleanup-ActionId.
9. SQL Access AATV is invoked. The SQL Access AATV executes the SQL action configured
in the attribute Client-Request-Cleanup-ActionId. This SQL action updates the
database based on the response type.
Figure 65 illustrates the sequence of steps involved in the processing of dynamic authorization
requests.
Figure 65 Dynamic Authorization Request Processing
Configuring for Dynamic Authorization
This section describes how to configure the HP-UX AAA Server for Dynamic Authorization. Figure 66
illustrates the different configurations for Dynamic Authorization.
216 Configuring the HP-UX AAA Server for Dynamic Authorization