XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

261

262

263

264

265

266

267

268

269

270

XYGATE

User Authentication

™

(XUA) 1.85 Reference Manual

Appendix A: The UACONF File

XYPRO Technology Corporation 238 Proprietary and Confidential

A58: RADIUS_AUTHENTICATE

The RADIUS_AUTHENTICATE keyword value determines if the authentication

request will be sent to the RADIUS server and in what manner.

Syntax:

RADIUS_AUTHENTICATE {ON | OFF | OPTIONAL}

ON – Users will be authenticated via RADIUS server. If the RADIUS server is not

available for communication with XUA for any reason, the logon request will be denied.

Note: The userid’s status on the NonStop server will be evaluated by Safeguard in

addition to the RADIUS verification. For example, if the RADIUS server verifies

the validity of the RADIUS user account and its password, but in Safeguard’s

record the userid is expired, the logon request will be denied in this case. The

frozen status of the NonStop userid may be circumvented by the FROZEN_OK

keyword in either the UACONF or UAACL files.

OFF – If both the UACONF and UAACL files have this keyword set to OFF, users will

only be authenticated by Safeguard, and not RADIUS. If the keyword is present in both

files and the values are different, the value in the UAACL will take precedence.

When running the XUA_RADIUS_INSTALL macro (page 121) as the initial step in

configuring the RADIUS interface, the answer to the prompt “Do you want to use

RADIUS authentication for all NonStop users?” will create an entry in the UACONF

file. This entry can be changed at any time by editing the UACONF file.

OPTIONAL – If communication with the RADIUS server is successful, the RADIUS-

controlled password verification is invoked as if the value was ON. But if the RADIUS

server is unavailable, the user will be prompted for RADIUS and Safeguard password

but the Password verification will be based on the Safeguard password that was

entered. The setting of OPTIONAL may be beneficial if implemented in the UAACL file

for a specific group of users who would require RADIUS authentication yet need

access to the NonStop server, even if the RADIUS server is down. The users must

maintain and remember their NonStop passwords for such cases.

An identical value in the UAACL file overrules the value in the UACONF file for the

specified set of users.

Example – How to Require authentication via RADIUS:

RADIUS_AUTHENTICATE ON

The value of this keyword created by the XUA_RADIUS_INSTALL macro can be

changed by editing the UACONF file after the macro run is completed.