XYGATE User Authentication Reference Manual

XYGATE® User Authentication (XUA) 1.85 Reference Manual
Chapter 11. Configuring the Impersonation Feature
XYPRO Technology Corporation 57 Proprietary and Confidential
11.2 Examples of Impersonation Logons
Setting up and using the impersonation feature is described in the previous section.
This section provides examples of impersonation logons only.
In Example 1 below, sec.admin is the impersonator and is logging on in TACL as
the alias super1, which is defined in the UAGROUP example in the previous
section.
In the Password field, sec.admin enters his username, preceded and followed by
the special characters (defined by IMPERSONATION_CHARACTERS in the
UACONF file), and then his own password (mypass).
Example 1: User’s impersonation logon:
TACL 1> LOGON super1
Password://sec.admin//mypass
Alias SUPER1 logged in.
In Example 2 below, sec.admin is the impersonator and is trying to log on as
SEC.MGR, a non-SUPER.SUPER user.
Example 2: Using impersonation to log on as non-SUPER.SUPER:
TACL 1> LOGON SEC.MGR
Password://sec.admin//mypass
User SEC.MGR logged in.
XUA treats a password change request during an impersonation logon as an error
and rejects the logon. This prevents the TO_USER's password from being changed
instead of the impersonator's password. In Example 3 below, the user oper.mgr
is trying to change his password during impersonation.
Example 3: Password change during impersonation:
TACL 1> logon SUPER.SUPER
Password://oper.mgr//oldpass//newpass
XYGATEUA rejects the logon with the following error message:
*ERROR* Password change not allowed when using Impersonation
If the password of the impersonator (the user entered in the password field) or
of the TO_USER (the user entered in the userid field) has expired, XUA rejects
the logon with an error. In Example 4 below, the password of user OPER.JOE has
expired.
Example 4: Impersonation with an expired password:
TACL 1> logon SUPER.SUPER
Password://OPER.JOE//mypass
*ERROR* Impersonation not allowed since your password has expired
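The following Python model is an added illustration, not XUA code and not part
of the original manual. It restates the password-field rules from Examples 1
to 4 as one decision function, which is useful for writing test cases against
an impersonation configuration. The "//" delimiter, the function and field
names, and the "unspecified" outcome for malformed input are assumptions.

```python
# Added illustration of the rules in this section; not XUA code.
# DELIM stands in for the UACONF IMPERSONATION_CHARACTERS value and is
# assumed to be "//", as in the examples above.
from dataclasses import dataclass
from typing import Optional

DELIM = "//"


@dataclass
class Decision:
    outcome: str                 # "ordinary", "impersonation", "rejected", "unspecified"
    impersonator: Optional[str]  # user named inside the password field, if any
    reason: str


def evaluate_logon(to_user, password_field, expired=frozenset()):
    """Classify a logon attempt the way Examples 1 to 4 describe.

    expired is a constructed set of user names whose passwords have expired.
    Names are compared exactly as typed (a simplification of this model), and
    verifying the impersonator's password is outside the model.
    """
    if not password_field.startswith(DELIM):
        return Decision("ordinary", None, "no impersonation syntax in field")
    name, sep, rest = password_field[len(DELIM):].partition(DELIM)
    if not (name and sep and rest):
        # The section does not say how XUA treats this input.
        return Decision("unspecified", None, "incomplete impersonation field")
    # A further delimiter means old password plus new password (Example 3).
    if DELIM in rest:
        return Decision("rejected", name,
                        "Password change not allowed when using Impersonation")
    # An expired password on either side blocks the logon (Example 4).
    if name in expired or to_user in expired:
        return Decision("rejected", name, "expired password")
    return Decision("impersonation", name, f"{name} logging on as {to_user}")


if __name__ == "__main__":
    # Constructed inputs mirroring Examples 1 to 4.
    print(evaluate_logon("super1", "//sec.admin//mypass"))
    print(evaluate_logon("SEC.MGR", "//sec.admin//mypass"))
    print(evaluate_logon("SUPER.SUPER", "//oper.mgr//oldpass//newpass"))
    print(evaluate_logon("SUPER.SUPER", "//OPER.JOE//mypass", {"OPER.JOE"}))
```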