Manualshelf

XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
71727374757677787980
XYPRO Technology Corporation 43 Proprietary and Confidential
Chapter 5. Configuring Control Logons
Based on Requestor
Program
REQUESTOR is an optional criterion. Every logon request comes from a process
executing the USER_AUTHENTICATE_ or VERIFYUSER procedure. The process for
executing one of these two system calls is called the REQUESTOR. The XUA rules
based on the requestor, deal with rules based on exactly which program the user is
logging on to.
5.1 Procedure
The following syntax and example shows how to restrict logons based on the
requestor program.
Syntax:
REQUESTOR <object filename>
The Example below will deny everyone from the ACLGroup $EVERYONE to logon as
anybody if the requestor is $SYSTEM.ZTCPIP.FTPSERV and the IP address is
satisfied.
Example: How to restrict logons based on the requesting program
UAGROUP FTP-LOGON-CONTROL
DESCRIPTION "RESTRICTED IP ADDRESS FOR FTP"
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $EVERYONE
PORT $* 3.1.1.16
RESULT_DENIED
REQUESTOR $SYSTEM.ZTCPIP.FTPSERV
Refer to the REQUESTOR keyword discussion on page 280 in Appendix B:The
UAACL File.”