XYGATE® User Authentication (XUA) 1.85 Reference Manual
Chapter 11. Configuring the Impersonation Feature
XYPRO Technology Corporation. Proprietary and Confidential.
IMPERSONATION (Allow or disallow impersonation)
If OPTIONAL, the user may log on either with the target user’s password or by
impersonation. If ALWAYS, "un-impersonated" logons are disallowed. If OFF,
impersonation is disallowed.
IMPERSONATION_FROM_USER (List of users whose password can be supplied
with impersonation)
This keyword specifies which userids can be used to impersonate the target
user IDs. The impersonator’s userid should be in this keyword’s list of users.
The REQUESTOR option can be used to restrict this behavior to logon requests
originating from specific object files.
Example 1 below shows that users in $SUPER and $SECURITY can log on as
SUPER.SUPER, as Alias:"super1", or as SEC.MGR by impersonation from TACL.

Example 1: Setting up impersonation for TACL

Aclgroup $SUPER OPER.MGR OPER.JOE OPER.TOM
$SECURITY SEC.ADMIN
UAGROUP DSMSCM-SUPER-GROUP
  !Members of SUPER group may use the impersonation feature
  ! to logon to TACL as super.super.
  FROM_USER $EVERYONE
  TO_USER SUPER.SUPER Alias:"super1" SEC.MGR
  IMPERSONATION_FROM_USER $SUPER $SECURITY
  IMPERSONATION OPTIONAL
  REQUESTOR $SYSTEM.SYS22.TACL
UAGROUP EVERYONE-ELSE
  PASSWORD_REQUIRED ON
  RESULT_GRANTED
  FROM_USER $EVERYONE
  TO_USER $EVERYONE

Using the Impersonation Feature
In the Logon field, the user specifies the ID that he or she wants to impersonate (for
example, SUPER.SUPER).
In the Password field, the user enters the special characters defined by the
IMPERSONATION_CHARACTERS keyword in the UACONF file, followed by his or
her own username, the special characters again, and then his or her own password.
Examples of impersonation logons are provided in the next section.
Note: The leading special characters in the password field indicate to XUA that the
impersonation mode is being invoked.
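
The password-field format and the three IMPERSONATION modes described above, modeled in Python as an added illustration; this is not XUA code and does not come from this manual. The marker `##` is a constructed stand-in for the site's IMPERSONATION_CHARACTERS value, the function names are hypothetical, userids are assumed to match exactly, group contents are copied from Example 1, and the REQUESTOR restriction is not modeled.

```python
# Illustrative model only; not XUA code. MARK stands in for the site's
# IMPERSONATION_CHARACTERS value ("##" is a constructed placeholder).
MARK = "##"

# Values copied from Example 1 on this page.
ACLGROUPS = {"$SUPER": {"OPER.MGR", "OPER.JOE", "OPER.TOM"},
             "$SECURITY": {"SEC.ADMIN"}}
TO_USER = {"SUPER.SUPER", 'Alias:"super1"', "SEC.MGR"}
IMPERSONATION_FROM_USER = ["$SUPER", "$SECURITY"]


def parse_password_field(field, mark=MARK):
    """Split <mark><own userid><mark><own password>.

    Returns (userid, password) for the impersonation form, or None when the
    field is an ordinary password. Raises ValueError on a malformed field.
    """
    if not field.startswith(mark):
        return None                      # no leading marker: plain password
    rest = field[len(mark):]
    userid, sep, password = rest.partition(mark)  # first marker ends the userid
    if not sep or not userid or not password:
        raise ValueError("malformed impersonation password field")
    return userid, password              # password may itself contain the marker


def evaluate_logon(target, field, mode="OPTIONAL"):
    """Return (decision, userid whose password must then be verified)."""
    try:
        parsed = parse_password_field(field)
    except ValueError:
        return "DENY: malformed field", None
    if parsed is None:
        if mode == "ALWAYS":
            return "DENY: un-impersonated logon disallowed", None
        return "CHECK TARGET PASSWORD", target
    if mode == "OFF":
        return "DENY: impersonation disallowed", None
    userid, _ = parsed
    allowed = set().union(*(ACLGROUPS[g] for g in IMPERSONATION_FROM_USER))
    if target not in TO_USER or userid not in allowed:
        return "DENY: not permitted by UAGROUP", None
    return "CHECK IMPERSONATOR PASSWORD", userid
```

In the impersonation form the credential that gets verified belongs to the impersonator, not the target, so audit records for such logons need both userids to attribute the session.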