HP-UX AAA Server A.08.02 Administrator's Guide
27 Customizing the HP-UX AAA Server Using Policies
This chapter explains how you can use policies to customize the HP-UX AAA Server. This chapter
also discusses some sample policy implementations.
This chapter addresses the following topics:
• “Policy Overview” (page 300)
• “Defining a Policy in a Decision File” (page 301)
“Action Commands” (page 302)◦
◦ “Attribute Specifications” (page 308)
◦ “Attribute Functions” (page 310)
◦ “Value Types” (page 315)
◦ “Arithmetic Expressions” (page 316)
◦ “Supported Boolean Operators” (page 317)
◦ “Type Compatibility” (page 319)
• “Invoking a Policy” (page 320)
“Invoking Policies Through Predefined Policy Hooks” (page 320)◦
◦ “Modifying the FSM for Specific Customizations ” (page 324)
• “Sample Policy Implementations” (page 325)
“Dynamic Access Control” (page 325)◦
◦ “ DNIS Routing” (page 326)
Policy Overview
Advanced policy actions enable you to manipulate the RADIUS contents based on the contents of
the RADIUS request and reply packets, and various system contexts (for example, a local IP Address).
Policy modules are invoked using the Finite State Machine (FSM) and can be executed at any time
during processing of the RADIUS packet. When a policy AATV is invoked, you can specify the
policy definition file. The following predefined policy files are included in the default FSM:
• request-ingress.grp
• reply-egress.grp
• proxy-egress.grp
• proxy-ingress.grp
300 Customizing the HP-UX AAA Server Using Policies