HP-UX AAA Server A.08.02 Administrator's Guide

Notes:
Customers can also write their own policy decision files and invoke them from the FSM or the
user profiles.
This chapter discusses only the new (and easier to use) format for creating decision files. The
old format contains policy group entries that are still supported. However, the old format is
not documented in this chapter. For information about the old syntax, see Appendix E
(page 442).
You cannot create a single decision file using syntax from both formats.
Defining a Policy in a Decision File
A decision file is evaluated against the request from beginning to end, removing, modifying,
or adding A-V pairs as specified, until an Exit command is encountered. Any lines after that
command are not evaluated. The Exit command specifies the event to be returned to the FSM. The
event is used to control the flow through the FSM. If the end of the file is reached without
executing an Exit command, the ACK event is returned to the FSM. For more information on FSMs,
see Chapter 26 (page 290).
Example 11 An example of a policy file that restricts Session-Timeout to one hour for guests, removes
unwanted attributes, and provides administrative privileges to administrators
# Guests have a session-timeout of one hour. Normal users
# have 5 hours.
if (substr (User-Name after "@") = "guest.example.com")
{
    insert Session-Timeout = 3600
} else
{
    insert Session-Timeout = 18000
}
if( NAS-IP-Address = "192.168.0.1")
{
    # Delete Filter-Id for NASes that do not support it.
    delete Filter-Id
}
if( User-Name = "admin")
{
    # Modify Service-Type to provide administrative privileges.
    modify Service-Type = "Administrative"
}
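The following Python model is an added example, not part of the guide or of HP-UX AAA Server: it replays the top-to-bottom evaluation described above over Example 11 so the resulting A-V pairs and returned event can be checked before a policy is deployed. It assumes one value per attribute, treats insert and modify alike, and uses constructed requests plus a hypothetical extra rule that exits with an assumed "NAK" event.

```python
# Added model of decision-file evaluation; not HP-UX AAA Server code.
ACK = "ACK"  # event returned when the file ends without an Exit command

def realm(pairs):
    # Assumed reading of: substr (User-Name after "@")
    return pairs.get("User-Name", "").partition("@")[2]

# Example 11 as ordered rules: (condition, actions if true, actions if false).
# An action is (command, attribute, value).
EXAMPLE_11 = [
    (lambda p: realm(p) == "guest.example.com",
     [("insert", "Session-Timeout", 3600)],
     [("insert", "Session-Timeout", 18000)]),
    (lambda p: p.get("NAS-IP-Address") == "192.168.0.1",
     [("delete", "Filter-Id", None)], []),
    (lambda p: p.get("User-Name") == "admin",
     [("modify", "Service-Type", "Administrative")], []),
]

def evaluate(rules, request):
    """Apply rules top to bottom; return (resulting A-V pairs, event for the FSM)."""
    pairs = dict(request)  # simplification: one value per attribute
    for condition, if_true, if_false in rules:
        for command, attribute, value in (if_true if condition(pairs) else if_false):
            if command == "exit":
                return pairs, value  # remaining lines are not evaluated
            if command == "delete":
                pairs.pop(attribute, None)
            else:
                # insert and modify both set the value in this model; the
                # product's exact rules for each are not modelled here.
                pairs[attribute] = value
    return pairs, ACK

# Constructed requests, not captured traffic.
GUEST = {"User-Name": "bob@guest.example.com", "NAS-IP-Address": "10.0.0.5",
         "Filter-Id": "std"}
ADMIN = {"User-Name": "admin", "NAS-IP-Address": "192.168.0.1",
         "Filter-Id": "std", "Service-Type": "Login"}
# Hypothetical extra rule placed first: exit with an assumed "NAK" event.
EXIT_FIRST = [(lambda p: "User-Name" not in p, [("exit", None, "NAK")], [])] + EXAMPLE_11

if __name__ == "__main__":
    for name, rules, req in [("guest", EXAMPLE_11, GUEST), ("admin", EXAMPLE_11, ADMIN),
                             ("no user", EXIT_FIRST, {"NAS-IP-Address": "192.168.0.1"})]:
        print(name, evaluate(rules, req))
```

In this model a User-Name of "admin@guest.example.com" does not satisfy the exact comparison with "admin", so Service-Type is left unchanged for that request.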
This section describes the syntax and usage of the various commands. It also explains how to
specify attributes and values. This section discusses the following topics:
“Action Commands”
“Attribute Specifications” (page 308)
“Value Types” (page 315)
“Supported Boolean Operators” (page 317)
“Type Compatibility” (page 319)