XYGATE User Authentication Reference Manual
XYGATE
®
User Authentication
™
Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation 276 Proprietary and Confidential
B38: PORT
The PORT keyword limits which port these rules apply to. PORT is specified by
terminal and incoming IP address. Both must be included. The hometerm of the
authenticating process must match one of the terminals listed. The IP address derived
from the hometerm of the authenticating process must match one of the IP addresses
listed.
A PORT of $* represents all terminals.
A PORT of +* represents all numeric starting IP addresses.
Syntax:
PORT <token> <token> [<token> ...]
Where <token> is one or more terminals or IP addresses separated by spaces.
At least two tokens must be specified, at least one token must be a terminal and at
least one token must be an IP address. Tokens can contain the following wildcards:
+ any single digit.
* one or more characters, allowed just before a period or as the last character.
? any single character.
@ any single-alpha character.
Example 1 below will not allow any user to logon as SUPER.SUPER from any logged
off programs running from any numeric starting IP address or terminal.
Example 1: How to restrict logons by PORT
UAGROUP Super-From-Logged-Off-Programs
DESCRIPTION "Don't allow 0,0 to logon AS SUPER.SUPER regardless of PORT"
RESULT_DENIED
!Selection Criteria:
PORT $*.#* +*
FROM_USER 0,0
TO_USER SUPER.SUPER
Example 2 below will allow any user to logon as SUPER.SUPER or any alias
beginning with the characters "sup-" at the CONSOLE (with a password), regardless of
the incoming IP address.
Example 2: How to restrict Who Can Logon to the Console
UAGROUP Super-From-Logged-Off-Programs
DESCRIPTION "Only these IDs can logon to the CONSOLE"
PASSWORD_REQUIRED ON
RESULT_GRANTED
!Selection Criteria:
PORT $YMIOP.#CLCI +*
FROM_USER $EVERYONE
TO_USER SUPER.SUPER alias:"sup-*"