XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

141

142

143

144

145

146

147

148

149

150

XYGATE

User Authentication

™

Reference Manual

Chapter 14. Configuring the RADIUS Interface

XYPRO Technology Corporation 120 Proprietary and Confidential

Question 5: Do you want to use RADIUS authentication for all NonStop users?

Decide if all users who logon to the NonStop server will be authenticated using

RADIUS. This question is one of the prompts that appear during the

XUA_RADIUS_INSTALL macro run in the next section and configures the

RADIUS_AUTHENTICATE keyword.

The RADIUS_AUTHENTICATE keyword value determines if the authentication

request will be sent to the RADIUS server, and in what manner. This keyword can be

present in the UACONF file, the UAACL file or both. The UACONF value will be

enforced globally unless overridden by values set in individual UAGroups in the

UAACL file.

The following are the valid entries for the RADIUS_AUTHENTICATE keyword:

{ ON | OFF | OPTIONAL }.

ON – Users will always be authenticated by the RADIUS first, and then by Safeguard.

OFF – Users will only be authenticated by Safeguard, and not RADIUS.

OPTIONAL – RADIUS authentication is invoked as if the value is ON, but if the

RADIUS server is non-responsive, the authentication is diverted to Safeguard instead

of being denied.

If most users will be authenticated via RADIUS, it is best to set the

RADIUS_AUTHENTICATE to ON in the UACONF file. However, for privileged IDs that

will not be authenticated via RADIUS, create UAGROUPs with

RADIUS_AUTHENTICATE set to OFF.

If the answer to this question is NO, then RADIUS_AUTHENTICATE will be set to OFF

in the UACONF file. It can be manually set to ON for individual users or user groups in

the UAACL file.

If the answer to this question is YES, then RADIUS_AUTHENTICATE will be set to ON

in the UACONF file, meaning that this authentication method applies to all users,

except where a different authentication method is explicitly specified for individual

users or user groups in the UAACL file.

Question 6: Will Guardian passwords be required in addition to the RADIUS

password?

The RADIUS_REQUIRE_PASSWORD keyword value determines whether or not all

users, some users, or no users will be required to enter a Guardian PASSWORD in

addition to the RADIUS PASSWORD. This keyword can be present in the UACONF

file, the UAACL file or both. The UACONF value will be enforced globally unless

overridden by values set in individual UAGroups in the UAACL file.