XYGATE User Authentication Reference Manual

XYPRO Technology Corporation 55 Proprietary and Confidential
Chapter 11. Configuring the Impersonation Feature
Impersonation is a feature that removes the need for users to share sensitive logon
IDs such as that of SUPER.SUPER. The Impersonation feature allows authentication
using third-party credentials. For example, security.user can log on as
security.manager by supplying the username and password of security.user and the
IMPERSONATION_CHARACTERS defined in The UACONF File.
The impersonation feature can be used to remove the need to log on to various
NonStop GUI utilities such as Visual Inspect, MOMI, and Prognosis as
SUPER.SUPER in order to use the utility. For example, impersonation allows a user to
log on with a username of SUPER.SUPER but authenticate using his or her own
username and password. Instead of using SUPER.SUPER’s password to authenticate
the logon, XUA will use the initiating user’s password.
The IMPERSONATION keyword in the UAACL file applies to the combination of
FROM_USER <user-list> and TO_USER <user-list> defined within an
impersonation UAGroup.
When impersonation is enforced, the REQUESTOR keyword must also be used so
that the functionality only applies to specific object files.
The IMPERSONATION_FROM_USER entry is checked against the username
entered with the password. While this does mean that there is still a shared ID
involved, at least that ID's password is not shared.
11.1 Setting up Impersonation
The following keywords are required for setting up the impersonation feature.
In the UACONF file:
IMPERSONATION_CHARACTERS <2 special characters>
In the UAACL file:
FROM_USER (List of users that can use impersonation)
This keyword restricts the ID that the requestor program should be running as
when it sends the logon request to Safeguard and XUA.
TO_USER (List of users that impersonation can be used to log on as)
This keyword specifies the target user IDs that can be impersonated.