XYGATE User Authentication Reference Manual

XYGATE

User Authentication

™

Reference Manual

Appendix B: The UAACL File

XYPRO Technology Corporation 255 Proprietary and Confidential

UAGROUP EVERYONE-ELSE in Example 1 above will allow any user to logon as

any other user if he or she knows the password. Only logons that have not been

“caught” by prior UAGroups will be ruled using this UAGROUP EVERYONE-ELSE.

You can use the exclamation point ( ! ) to start a comment anywhere on a line; the

comment will continue for the remainder of the line. UAGroup entries can be quite

complex. You should document your work extensively using comments so that anyone

administering XUA will understand what you have done.

B6: The UAGroup Keywords

For each User Authentication Group (UAGroup), the following categories of

information are to be supplied. These are listed below with their relevant keywords.

UAGroup Information

This category allows you to define an ACL group name and provide a descriptive string

of text.

UAGROUP <User Authentication Group Name>

DESCRIPTION "<string>"

UAGroup Selection criteria

The selection criteria used in a UAGroup determines when XUA will use the group to

authorize logons. The only required selection criteria keywords are:

FROM_USER <user list>

TO_USER <user list>

The following keywords are optional:

ANCESTOR <object file of the requestor’s ancestor>

PORT { [<port>] [<IP list>]}

REQUESTOR <object filename>

A particular logon request must match all the selection criteria in a UAGroup for that

group to be used to either allow or deny the request.

UAGroup Password-Related Keywords

OMIT_PASSWORD_USERS <user list>

PASSWORD_MAY_CHANGE <number>

PASSWORD_REQUIRED { ON | OFF }