HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

311

312

313

314

315

316

317

318

319

320

Table 95 Compatible Attribute Types

Compatible Attribute TypesValue Type

Integer-value

• integer

• tag-int

• short

• octet

String-value

• string

• tag-str

• octets

• date

Date-value

IP-address-value

• ipaddr

• ipv6addr

• ifid

• ipv6prefix

You must not mix attributes from different value-type groups, because this can cause a type mismatch

load-time error.

Invoking a Policy

You can invoke policy using one of the following methods:

• “Invoking Policies Through Predefined Policy Hooks.”

• “Modifying the FSM for Specific Customizations ” (page 324)

This section also discusses the commonly used attributes for specifying policies.

Invoking Policies Through Predefined Policy Hooks

The following predefined hooks can be used to invoke policies without modifying the FSM:

• “Request Ingress Policy.”

• “User Policy” (page 321)

• “Reply Egress Policy” (page 322)

• “Proxy Egress Policy” (page 322)

• “Proxy Ingress Policy” (page 323)

Request Ingress Policy

Request ingress policy can be configured in the request-ingress.grp decision file in the

server's configuration directory. The policy configured in this file is applied as the first step in the

FSM, before the request is dispatched for processing. The request ingress policy can be used to

alter the request in one of the following ways:

• A-V pairs may be added, changed, or removed.

• The request classification may be altered.

• The request may be rejected immediately.

• The request may be dropped entirely and no reply is sent.

Figure 93 (page 321) illustrates the flow of the request ingress policy.

320 Customizing the HP-UX AAA Server Using Policies