XYGATE User Authentication Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation 278 Proprietary and Confidential
Example: How to specify the SERVICE program in PORTCONF for XYGATETR Logon
21 $SYSTEM.XYGATEUA.SERVICE -xuaobject:$SYSTEM.XYGATETE.XYGATETR
When the above entry is present in the PORTCONF file, then XUA uses the program
named SERVICE to retrieve the IP address of the XYGATETR logon.
B39: RADIUS_AUTHENTICATE
The RADIUS_AUTHENTICATE keyword value determines if the authentication
request will be sent to the RADIUS server, and in what manner.
Syntax:
RADIUS_AUTHENTICATE {ON | OFF | OPTIONAL}
ON – Users will be authenticated via RADIUS Password technology. If the RADIUS
server is not available for communication with XUA for any reason, the logon request
will be denied.
OFF – If both the UACONF and UAACL have this keyword set to OFF, users will only
be authenticated by Safeguard, and not RADIUS. If the keyword is present in both files
and the values are different, the value in the UAACL will take precedence. When
running the XUA_RADIUS_INSTALL macro (page 121) as the initial step in configuring
the RADIUS interface, the answer to the prompt “Do you want to use RADIUS
authentication for all NonStop users?” will create an entry in the UACONF file. This
entry can be changed at any time by directly editing the RADIUS_AUTHENTICATE
entry in the UACONF file.
OPTIONAL – If communication with the RADIUS server is successful, the
RADIUS-controlled password verification is invoked as if the value were ON. If the
RADIUS server is unavailable, the user will be prompted for both the RADIUS and
Safeguard passwords, but password verification will be based on the Safeguard
password that was entered. The OPTIONAL setting may be beneficial if implemented in
the UAACL file for a specific group of users who require RADIUS authentication yet
need access to the NonStop server even if the RADIUS server is down. These users
must maintain and remember their NonStop passwords for such cases.
If present in a UAGroup, this keyword’s value overrides the one in the UACONF file.
If this keyword is omitted, the value in the UACONF file is used.
Example – How to specify users who should be authenticated via RADIUS:
UAGROUP OPERATORS
Description "All operators authenticated with RADIUS Password"
RADIUS_AUTHENTICATE ON
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $OPERATORS
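The following is an added example, not part of the XYGATE manual or product: an offline Python audit that applies the precedence rule above (a UAGroup value overrides UACONF; an omitted keyword inherits it) and lists the groups whose users can still log on while the RADIUS server is unreachable. The sample UAACL text is constructed from the keywords shown in this section; the BREAKGLASS and BATCH groups, the $ADMINS and $BATCHIDS names, and the parsing rules noted in the comments are assumptions.

```python
# Constructed sample UAACL; BREAKGLASS, BATCH, $ADMINS and $BATCHIDS are hypothetical.
SAMPLE_UAACL = """\
UAGROUP OPERATORS
  Description "All operators authenticated with RADIUS Password"
  RADIUS_AUTHENTICATE ON
  !Selection Criteria:
  FROM_USER $EVERYONE
  TO_USER $OPERATORS
UAGROUP BREAKGLASS
  RADIUS_AUTHENTICATE OPTIONAL
  FROM_USER $EVERYONE
  TO_USER $ADMINS
UAGROUP BATCH
  FROM_USER $EVERYONE
  TO_USER $BATCHIDS
"""

# Behaviour this section describes when the RADIUS server cannot be reached.
OUTAGE = {
    "ON": "logon denied",
    "OPTIONAL": "verified against the Safeguard password",
    "OFF": "Safeguard only, RADIUS not used",
}

def effective_modes(uaacl_text, uaconf_value):
    """Return {UAGroup name: effective RADIUS_AUTHENTICATE value}."""
    default = uaconf_value.strip().upper()
    if default not in OUTAGE:
        raise ValueError(f"bad UACONF value: {uaconf_value!r}")
    modes, group = {}, None
    for raw in uaacl_text.splitlines():
        parts = raw.split()
        # Assumption: a leading "!" marks a comment line, as in the manual's example.
        if not parts or parts[0].startswith("!"):
            continue
        keyword = parts[0].upper()  # assumption: keywords are case-insensitive
        if keyword == "UAGROUP" and len(parts) > 1:
            group = parts[1]
            modes[group] = default          # omitted keyword: UACONF value applies
        elif keyword == "RADIUS_AUTHENTICATE" and group is not None:
            value = parts[1].upper() if len(parts) > 1 else ""
            if value not in OUTAGE:
                raise ValueError(f"bad value in UAGROUP {group}: {raw.strip()!r}")
            modes[group] = value            # UAGroup value overrides UACONF
    return modes

def logon_without_radius(modes):
    """Groups whose users can still log on while RADIUS is unreachable."""
    return {g: OUTAGE[m] for g, m in sorted(modes.items()) if m != "ON"}
```

Run it once for each UACONF value under consideration: with UACONF set to ON only BREAKGLASS is reported, while with UACONF set to OFF the BATCH group, which omits the keyword, is reported as well.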