XYGATE User Authentication Reference Manual

Appendix B: The UAACL File
XYPRO Technology Corporation, Proprietary and Confidential
! -------------------------------------------------------------------
! The following groups enforce stepped logons to PrivIDs in OSS & NSK,
! determine whether any users can log on directly as a PrivID,
! and control su to PrivIDs in OSS
UAGROUP ALLOW-USERS-TO-PRIVIDS-OSS
DESCRIPTION "must logon to own id before privid"
RESULT_GRANTED
!Selection Criteria:
FROM_USER $OK2PRIV
TO_USER $PRIV-IDS
REQUESTOR $SYSTEM.SYSnn.LOGIN !required to control OSS logons
UAGROUP DENY-USERS-TO-PRIVIDS-OSS
DESCRIPTION "must logon to own id before privid"
FROM_USER $EVERYONE
TO_USER $PRIV-IDS
RESULT_DENIED
REQUESTOR $SYSTEM.SYSnn.LOGIN !required to control OSS logons
UAGROUP ALLOW-USERS-TO-PRIVIDS-NSK
DESCRIPTION "Users CAN logon to PrivIDs with the Password"
!AUTHENTICATE_FAIL_FREEZE OFF ! target IDs won't FREEZE
PASSWORD_REQUIRED ON
RESULT_GRANTED
!Selection Criteria:
FROM_USER $OK2PRIV
TO_USER $PRIV-IDS
UAGROUP DENY-USERS-TO-PRIVIDS-NSK
DESCRIPTION "These users are NOT GRANTED to protected userids"
RESULT_DENIED
FROM_USER $EVERYONE
TO_USER $PRIV-IDS
! You can also put RSA_AUTHENTICATE ON in the UACONF file
! to make it global. The exceptions are the PRIV-IDs, so
! the PRIV-ID rule below has RSA_AUTHENTICATE OFF;
! everyone else will be authenticated via RSA.
!UAGROUP RSA-AUTHENTICATION-REQUIRED
!RSA_AUTHENTICATE OFF
!!Map Guardian ID to RSA ID:
!map re:"^.*$" append "mycompany.com"
!!Selection Criteria:
!TO_USER $EVERYONE
!FROM_USER $PRIV-IDS
! -------------------------------------------------------------------
! This rule is used if no other UAGROUP has matched:
UAGROUP EVERYONE-ELSE
DESCRIPTION "This rule lets everyone logon as themselves"
PASSWORD_REQUIRED ON
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $EVERYONE
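
The ALLOW/DENY pairs in this listing only work as intended if the narrower ALLOW group is reached before the $EVERYONE DENY group. The Python sketch below is an added example, not XYPRO code: it parses the NSK groups from the listing and evaluates them under the assumption of top-down, first-match evaluation. The alias members (OPS.ALICE, SUPER.SUPER), the default result for a group with no RESULT_ keyword, and all function names are assumptions made for illustration.

```python
# Added illustration: a toy evaluator for the UAGROUP layout shown above.
# ASSUMPTIONS (not from the XYGATE manual): groups are tried top-down, the
# first group whose selection criteria all match decides, and a group with no
# RESULT_ keyword grants. Alias membership below is constructed sample data.
SAMPLE_UAACL = """\
UAGROUP ALLOW-USERS-TO-PRIVIDS-NSK
PASSWORD_REQUIRED ON
RESULT_GRANTED
!Selection Criteria:
FROM_USER $OK2PRIV
TO_USER $PRIV-IDS
UAGROUP DENY-USERS-TO-PRIVIDS-NSK
RESULT_DENIED
FROM_USER $EVERYONE
TO_USER $PRIV-IDS
UAGROUP EVERYONE-ELSE
PASSWORD_REQUIRED ON
FROM_USER $EVERYONE
TO_USER $EVERYONE
"""
ALIASES = {"$OK2PRIV": {"OPS.ALICE"}, "$PRIV-IDS": {"SUPER.SUPER"}}  # constructed

def parse_groups(text):
    """Return an ordered list of dicts, one per UAGROUP; '!' starts a comment."""
    groups = []
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "UAGROUP":
            groups.append({"name": value.strip(), "result": "GRANTED"})
        elif groups and key in ("FROM_USER", "TO_USER"):
            groups[-1][key] = value.strip()
        elif groups and key.startswith("RESULT_"):
            groups[-1]["result"] = key[len("RESULT_"):]
    return groups

def in_alias(user, alias):
    """$EVERYONE matches any user; other aliases use the constructed table."""
    return alias == "$EVERYONE" or user in ALIASES.get(alias, ())

def decide(groups, from_user, to_user):
    """Return (group name, result) for the first group matching both criteria."""
    for g in groups:
        if in_alias(from_user, g.get("FROM_USER", "$EVERYONE")) and \
           in_alias(to_user, g.get("TO_USER", "$EVERYONE")):
            return g["name"], g["result"]
    return None, "DENIED"
```

Under the first-match assumption, moving DENY-USERS-TO-PRIVIDS-NSK above its ALLOW counterpart locks out the $OK2PRIV users as well, which is a quick check to run against any reordered copy of the file.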