XYGATE User Authentication Reference Manual

XYGATE® User Authentication (XUA) 1.85 Reference Manual
Chapter 11. Configuring the Impersonation Feature
XYPRO Technology Corporation, Proprietary and Confidential
In Example 5 below, the password of alias super1 has expired.
Example 5: Password expired TO_USER
TACL 1> logon super1
Password://OPER.TOM//mypass
*ERROR* Impersonation not allowed since user's password has expired.
Note: If the passwords of both the impersonator and the TO_USER have expired,
XYGATEUA sets the logon rejection message to
*ERROR* Impersonation not allowed since your password has expired.
However, because of a peculiarity in Safeguard, the logon is rejected and the message
*ERROR* Invalid username or password is passed on instead of the message set by XUA.
In Example 6 below, TECH.USER1 was able to su by impersonating as alias 79tst1.
Members of the TECH group can su only from an XAC audited terminal, because the
PORT in the following UAGROUP is set to $*.#xoa:$system.xygateac.xygateoa.
Example 6: Allowing selected users to su to webmaster by impersonation
UAGROUP AUTH-USERS-su-2-PRIVIDS
DESCRIPTION "Tech users can logon as the webmaster to perform web maintenance
tasks only from XAC Terminal"
!Selection Criteria:
FROM_USER TECH.*
TO_USER Alias:"webmaster"
REQUESTOR /bin/su
PORT $*.#xoa:$system.xygateac.xygateoa
IMPERSONATION_FROM_USER 79,255 ALIAS:"79tst1"
IMPERSONATION OPTIONAL
AUDIT_ACCESS_PASS ON
AUDIT_ACCESS_FAIL ON
/G/VSNS/TECH1> su
Password: //79tst1//pass79
#whoami
WEB.MASTER
#
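The way the selection criteria of Example 6 combine can be checked with a small Python model. This is an added example, not XYPRO code and not XUA's own matching algorithm: it assumes `*` is a simple wildcard, comparisons are case-insensitive, ALIAS:"name" and name are equivalent, and IMPERSONATION_FROM_USER lists the permitted impersonators. The port strings passed to it in practice would come from your own system; any used here are constructed.

```python
import re
from fnmatch import fnmatchcase

# Selection lines from Example 6 (DESCRIPTION, IMPERSONATION and AUDIT lines omitted).
UAGROUP = '''
!Selection Criteria:
FROM_USER TECH.*
TO_USER ALIAS:"webmaster"
REQUESTOR /bin/su
PORT $*.#xoa:$system.xygateac.xygateoa
IMPERSONATION_FROM_USER 79,255 ALIAS:"79tst1"
'''

def norm(value):
    """Lower-case and drop the ALIAS: prefix and quotes (assumed equivalent forms)."""
    return re.sub(r'^alias:', '', value.strip().lower()).strip('"')

def parse_group(text):
    """Return {KEYWORD: [normalised values]} for each non-comment line."""
    rules = {}
    for line in text.strip().splitlines():
        if line.startswith('!'):          # '!' starts a comment line in the example
            continue
        key, _, rest = line.partition(' ')
        rules[key] = [norm(v) for v in rest.split()]
    return rules

def parse_password(entry):
    """Split '//impersonator//password'; a plain password gives (None, entry)."""
    m = re.fullmatch(r'//([^/]+)//(.*)', entry.strip())
    return (norm(m.group(1)), m.group(2)) if m else (None, entry)

def impersonation_selected(rules, from_user, to_user, requestor, port, entry):
    """True if an impersonated logon meets every criterion of the group."""
    impersonator, _ = parse_password(entry)
    if impersonator is None:              # no //name// prefix: not an impersonation
        return False
    checks = [('FROM_USER', from_user), ('TO_USER', to_user),
              ('REQUESTOR', requestor), ('PORT', port)]
    if not all(any(fnmatchcase(norm(v), p) for p in rules[k]) for k, v in checks):
        return False
    return impersonator in rules['IMPERSONATION_FROM_USER']
```

With this model, the su from Example 6 is selected only when the port matches the XAC pattern and the name between the slashes is one of the listed impersonators.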