XYGATE User Authentication Reference Manual

XYGATE

User Authentication

™

Reference Manual

Appendix B: The UAACL File

XYPRO Technology Corporation 257 Proprietary and Confidential

UAGroup RSA-Related Keywords

RSA_AUTHENTICATE { ON | OFF | OPTIONAL }

RSA_REQUIRE_PASSWORD { ON | OFF }

UAGroup Userid-Mapping Keywords

MAP RE:"<regular expression>" <operator>

B7: ANCESTOR

The ANCESTOR keyword allows selection of userids to which these rules apply based

on the ancestor of the requestor to which the user is logging on. The ancestor can be

specified using a wildcarded object file name.

Syntax:

ANCESTOR <object file of the requestor’s ancestor>

In the Example below, the UAGROUP Super-From-Logged-Off-Tacl will be selected

if any user tries to logon to SUPER.SUPER from a logged-off TACL (whose ancestor

is $SYSTEM.ZTCPIP.LOGIN).

Example: How to restrict direct logons to privileged userids

UAGROUP Super-From-Logged-Off-Tacl

DESCRIPTION "Do not allow 0,0 to logon to SUPER.SUPER"

RESULT_DENIED

!Selection Criteria:

FROM_USER 0,0

TO_USER SUPER.SUPER

ANCESTOR $SYSTEM.ZTCPIP.LOGIN