HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

401

402

403

404

405

406

407

408

409

410

Deny-Message = "*"

NAS-Port != 3160

This wildcard string sends the following message indicating what

deny item triggered the rejection:

Access denied,

NAS-Port != 3160

IMPORTANT: The Deny-Message will only be returned if a deny

item (Attribute!= Value) comparison fails. It will not be returned if

a check item fails.

Expiration In date format, specifies when an entry expires. After the date, the

user will receive an Access-Reject with the message, “Password has

expired,” in response to all Access-Requests. The correct syntax is

as follows:

Expiration = mth day year

mth is the first three letters of the month. day is the two-digit date.

year is the four-digit year. The following is an example of an

Expiration check item:

Expiration = Jan 31 2004

Group-Name Can be any string value. Unlike other configuration-only attributes,

Group-Name initially appears in a user entry as a reply item and

would be used as a check item in a policy definition by LDAP or a

customized authentication method.

Password Specifies the value to compare to the User-Password attribute value

in the Access-Request or the user's input in response to an

Access-Challenge. The \ character must not be used.

NOTE: The RADIUS protocol does not send clear text passwords.

Passwords are encrypted with the client and server’s shared secret

according to RFC 2865.

To specify an encrypted password you must follow the syntax

{Encrypt-type} Encryptd-password, where Encrypt-type

is the method used to encrypt the password and

Encryptd-password is the encrypted password. Encrypt-type

can be specified as:

• crypt

• md5

• x-nthash

• x-lmhash

Server-Name The additional parameter, usually a DNS name or IP address,

required to perform the specified authentication type.

User-Category Can be any string value. Unlike other configuration-only attributes,

User-Category initially appears in a user entry as a reply item and

would be used as a check item in a policy definition by LDAP or a

customized authentication method.

Xvalue This attribute provides a means to pass an integer value to an action.

Xstring This attribute provides a means to pass a string value to an action.

Attributes in User Profiles 405