HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
27 Customizing the HP-UX AAA Server Using Policies
This chapter explains how you can use policies to customize the HP-UX AAA Server. This chapter
also discusses some sample policy implementations.
This chapter addresses the following topics:
• “Policy Overview” (page 301)
• “Defining a Policy in a Decision File” (page 302)
“Action Commands” (page 303)◦
◦ “Attribute Specifications” (page 309)
◦ “Attribute Functions” (page 311)
◦ “Value Types” (page 316)
◦ “Arithmetic Expressions” (page 317)
◦ “Supported Boolean Operators” (page 318)
◦ “Type Compatibility” (page 320)
• “Invoking a Policy” (page 321)
“Invoking Policies Through Predefined Policy Hooks” (page 321)◦
◦ “Modifying the FSM for Specific Customizations ” (page 325)
• “Sample Policy Implementations” (page 326)
“Dynamic Access Control” (page 326)◦
◦ “ DNIS Routing” (page 327)
Policy Overview
Advanced policy actions enable you to manipulate the RADIUS contents based on the contents of
the RADIUS request and reply packets, and various system contexts (for example, a local IP Address).
Policy modules are invoked using the Finite State Machine (FSM) and can be executed at any time
during processing of the RADIUS packet. When a policy AATV is invoked, you can specify the
policy definition file. The following predefined policy files are included in the default FSM:
• request-ingress.grp
• reply-egress.grp
• proxy-egress.grp
• proxy-ingress.grp
Policy Overview 301