HP-UX AAA Server A.08.02 Administrator's Guide
Using Xstring to call Policy
With the POLICY module, you can use the Xstring parameter to specify a URL where policy
definitions are stored. These policies group requests based on Attribute Value (A-V) pairs in an
Access-Request. These policies allow the request to be resolved differently according to those
values. For example, with some additional modifications to the FSM you can control access based
on dial-in date and time, or perform Dialed Number Identification Service (DNIS) routing based
on the number dialed, or other such criteria.
Xstring=decisionfile:Filename
Where:
Filename    The name of the file.
This syntax allows you to point to a policy stored in a flat file (called a decision file; see
Chapter 27 (page 300)).
NOTE: You can configure the FSM to call the POLICY action more than once. The FSM must
call POLICY in multiple instances for each different decision file you wish to use.
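Added example (not part of the HP guide or of the product): a small audit that collects every decision file referenced through Xstring=decisionfile:Filename and checks that it exists and is not writable by group or other, since these files decide how Access-Requests are resolved. Only the Xstring token follows the guide; the configuration directory argument, the rule that a file must resolve inside that directory, the sample file names and the placeholder line layout are assumptions.

```python
import os
import re
import stat

# Token syntax taken from the guide: Xstring=decisionfile:Filename
XSTRING_RE = re.compile(r"\bXstring=decisionfile:(\S+)")


def decision_files(fsm_text):
    """Return the distinct decision-file names referenced in FSM text, in order."""
    seen = []
    for name in XSTRING_RE.findall(fsm_text):
        if name not in seen:
            seen.append(name)
    return seen


def audit(fsm_text, config_dir):
    """Map each referenced decision file to a list of findings (empty = clean)."""
    root = os.path.realpath(config_dir)  # assumption: files live under this directory
    report = {}
    for name in decision_files(fsm_text):
        findings = []
        path = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, path]) != root:
            findings.append("resolves outside the configuration directory")
        elif not os.path.isfile(path):
            findings.append("file not found")
        elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("writable by group or other")
        report[name] = findings
    return report


# Constructed sample: only the Xstring token follows the guide. The rest of
# each line is a placeholder, not real FSM table syntax, and the file names
# are hypothetical.
SAMPLE_FSM = """\
<state and event fields> POLICY <next state> Xstring=decisionfile:dnis.policy
<state and event fields> POLICY <next state> Xstring=decisionfile:timeofday.policy
<state and event fields> POLICY <next state> Xstring=decisionfile:../shared/other.policy
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_FSM, ".").items():
        print(name, "->", findings or ["ok"])
```

Because each POLICY call names one decision file, the list returned by decision_files() is also the full set of policy files that need change control.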
Using Xstring to Call an Alternate authfile
With the REALM action you can use the Xstring parameter to point to an alternate authfile. Use
the following syntax to call an alternate authfile with Xstring:
Xstring=Filename
Filename is the name of the alternate file.
The authfile is used by the REALM action while processing the Authentication request. Set Xstring
with the prefix name of the authfile to use an alternate authfile instead of the default authfile.
Event Names
After an action completes its task, it returns an event name to the FSM. The previous state, action,
and the event name determine the current event, which in turn determines the next action of the
FSM. The event names returned by the standard HP-UX AAA Server actions are predefined, but
you can create your own names by modifying the FSM. To implement your own policy decisions
or custom logging, you can configure the server to return predefined or custom event names by
using the Decision attribute in stored policy.
Predefined Event Names
Several event names that can be returned by an action are predefined in the server.
Table 85 Predefined Event Names
Event Name     Description
ACCT           The incoming request is an Accounting-Request.
ACC_CHAL       Access-Challenge message must be sent in response to an access challenge.
ACCT_ALIVE     The incoming Accounting-Request is an interim accounting message.
ACCT_CANCEL    The incoming Accounting-Request is a message to cancel the session.
ACCT_DUP       The incoming Accounting-Request is a duplicate.
ACCT_MSTART    The originating NAS has just rebooted, so all active sessions from this client can be purged.
ACCT_MSTOP     The originating NAS is about to reboot.
292 Customizing the HP-UX AAA Server Using the Finite State Machine