HP-UX AAA Server A.08.02 Administrator's Guide
carl Password = carl, Policy-Pointer = “decisionfile://path-to-file”
or
fred Password = fred
Policy-Pointer = “decisionfile://path-to-file”
Reply Egress Policy
Reply egress policy can be defined in the reply-egress.grp decision file in the server's
configuration directory. The reply egress policy is applied as the final step in the FSM, just before
the RADIUS reply message is created and sent. The reply egress policy can be used to alter the
request in one of the following ways:
• A-V pairs may be added, modified, or removed
• The reply type may be changed
• The request may be dropped entirely and no reply is sent.
NOTE: If the client is defined as type=NAS or type=PROXY+PRUNE (possibly including vendors),
the pruning rules specified in the dictionary file are applied according to the reply type that was
in effect before the reply-egress policy is evaluated.
Figure 95 (page 322) illustrates the flow of information in the reply egress policy.
Figure 95 Flow of the Reply Egress Policy
Proxy Egress Policy
Proxy egress policy can be defined in the proxy-egress.grp decision file in the server's
configuration directory. The proxy egress policy is applied before the RADIUS proxy request
message is created and sent. The proxy egress policy can be used to alter the request in one of
the following ways:
• A-V pairs may be added, modified, or removed.
• The request may be rejected immediately.
• The request may be dropped entirely and no reply is sent.
• The proxy target host may be changed.
IMPORTANT: Do not modify, or remove any Proxy-State or Proxy-Action A-V pairs because it
can interfere with the proxy functionality.
Figure 96 (page 323) illustrates the flow of the proxy egress policy.
322 Customizing the HP-UX AAA Server Using Policies