HP-UX AAA Server A.08.02 Administrator's Guide

Figure 6 Authorization Steps

Authorization Steps

1. The server receives the Access-Request.

2. The server evaluates the request-ingress policy. This is the first step in the FSM, before the

request is despatched for processing. The request ingress policy can be used to alter the

request in one of the following ways:

• A-V pairs may be added, changed, or removed.

• The request classification may be altered.

• The request may be rejected immediately.

• The request may be dropped entirely, and no reply is sent.

If the request-ingress policy is evaluated successfully, the HP-UX AAA Server continues with

the authorization process.

3. If a request is being proxied, then the HP-UX AAA Server evaluates the proxy-egress and

proxy-ingress policies. The HP-UX AAA Server applies the proxy-egress policy before the

RADIUS proxy request message is created and sent. The proxy-ingress policy is applied after

the proxy response is received. Table 4 discusses how these policies are used to alter requests.

Table 4 How Requests are Altered Using the proxy-egress and proxy-ingress Policies

Use of the proxy-ingress PolicyUse of the proxy-egress Policy

A-V pairs can be added, modified, or removed.A-V pairs can be added, modified, or removed.

The reply type may be altered.The request may be rejected immediately.

The request may be dropped entirely and no reply is

sent.

The request may be dropped entirely and no reply is

sent.

The request may be rejected immediately.The proxy target host may be changed.

30 Overview: The HP-UX AAA Server