HP-UX AAA Server A.08.02 Administrator's Guide

Figure 93 Flow of the Request Ingress Policy
User Policy
The user policy is applied to every request, but only after the request has been successfully
authenticated. A user policy can be specified in a Policy-Pointer attribute on the request,
either as a check item or a reply item.
If the Policy-Pointer attribute is found in the check items, then the HP-UX AAA Server does not look
for one in the reply items. The value of the Policy-Pointer attribute must specify the URL for the
decision file to be evaluated.
If a request contains a Policy-Pointer attribute, either as a check item or a reply item, the specified
policy is applied.
If the request does not contain a Policy-Pointer, then no user policy is applied. In this case, the
POLICY action returns an ACK event to the FSM.
Figure 94 illustrates the flow of the user policy.
Figure 94 Flow of the User Policy
Invoking Policy from User Profiles
In the user profile (the local users file, LDAP, or SQLAccess), add a Policy-Pointer as a check
or reply item with the full pathname of the decision file containing the group authorization policies.
Enclose the pointer in single or double quotes. The Policy-Pointer string cannot be more than 63
characters in length. For example:
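Added example, not from the HP guide: a Python audit of already-parsed user profiles. It applies the lookup order described above (check items first, then reply items, otherwise no user policy) and the 63-character limit. The profile layout, user names, attribute values and finding labels are constructed for illustration, and the code does not parse any real HP-UX AAA Server file format.

```python
# Added example: audit parsed user profiles against the Policy-Pointer rules
# in the guide. Profile layout and all sample values are constructed.
MAX_POINTER_LEN = 63  # limit stated in the guide
ATTR = "Policy-Pointer"

def resolve_user_policy(check_items, reply_items):
    """Return (pointer, source); a check item wins and reply items are then not consulted."""
    if ATTR in check_items:
        return check_items[ATTR], "check"
    if ATTR in reply_items:
        return reply_items[ATTR], "reply"
    return None, None  # no user policy applied; POLICY returns ACK

def audit_profiles(profiles):
    """Return sorted (user, finding) pairs for profiles that need review."""
    findings = []
    for user, (check_items, reply_items) in profiles.items():
        pointer, source = resolve_user_policy(check_items, reply_items)
        if pointer is None:
            # Authenticated requests for this user get no user policy at all.
            findings.append((user, "no-pointer"))
            continue
        if len(pointer) > MAX_POINTER_LEN:
            findings.append((user, "too-long"))
        # A different pointer in the reply items is never looked at.
        if source == "check" and reply_items.get(ATTR, pointer) != pointer:
            findings.append((user, "reply-pointer-shadowed"))
    return sorted(findings)

# Constructed sample data: user -> (check items, reply items).
SAMPLE_PROFILES = {
    "alice": ({ATTR: "/constructed/policies/staff.decision"}, {}),
    "bob": ({"Password": "placeholder"}, {}),
    "carol": ({}, {ATTR: "/constructed/" + "x" * 60}),
    "dave": ({ATTR: "/constructed/policies/a.decision"},
             {ATTR: "/constructed/policies/b.decision"}),
}

if __name__ == "__main__":
    for user, finding in audit_profiles(SAMPLE_PROFILES):
        print(f"{user}: {finding}")
```

Profiles reported as `no-pointer` are the ones to review first, because for those users the POLICY action returns ACK without evaluating any decision file.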