Bay Networks 6300 Supplement Manual page 266

Supplement to the Remote Annex Administrator's Guide for UNIX

Chapter 15
Using RA 6300 Security
Book A
One Match per File
You can enter an unlimited number of profile criteria specifications in
each of the acp_regime and acp_userinfo files. However, for any single
set of connection conditions, erpcd uses only the first matching
specification it finds in each file. Consequently, the placement of profile
criteria specifications is important. For example, suppose that user chris
belongs to a group named engineering and that the first line in
acp_regime specifies that the engineering group should be authenticated
via Kerberos, while the second line specifies that user chris should be
authenticated by SecurID. The result is that chris is authenticated by
Kerberos, since a match for the group entry is found first.
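
The ordering effect described above can be checked mechanically before a file is deployed. The following Python sketch is an added example, not code from the manual or from erpcd: it models entries as constructed (criteria, regime) pairs in file order rather than in the real acp_regime syntax, and the helper names and group membership table are assumptions made for illustration.

```python
# Added illustration. The (criteria, regime) tuples below are a constructed
# model of entries in file order, NOT the real acp_regime file syntax.
RULES = [
    ({"group": "engineering"}, "kerberos"),   # first line: group entry
    ({"username": "chris"}, "securid"),       # second line: user entry
]
GROUPS = {"chris": {"engineering"}, "pat": {"sales"}}  # constructed membership


def matches(criteria, user, groups):
    """True when every criterion in the entry holds for this user."""
    if "username" in criteria and criteria["username"] != user:
        return False
    if "group" in criteria and criteria["group"] not in groups.get(user, set()):
        return False
    return True


def first_match(rules, user, groups):
    """Return (index, regime) of the first matching entry, or None."""
    for index, (criteria, regime) in enumerate(rules):
        if matches(criteria, user, groups):
            return index, regime
    return None


def shadowed_entries(rules, groups):
    """List (user, shadowed_index, winning_index) for user-specific entries
    that, with the given memberships, lose to an earlier matching entry."""
    findings = []
    for index, (criteria, _regime) in enumerate(rules):
        user = criteria.get("username")
        if user is None or not matches(criteria, user, groups):
            continue
        winner = first_match(rules, user, groups)
        if winner[0] < index:
            findings.append((user, index, winner[0]))
    return findings


if __name__ == "__main__":
    print(first_match(RULES, "chris", GROUPS))      # group entry wins
    print(shadowed_entries(RULES, GROUPS))          # user entry is shadowed
    print(first_match(list(reversed(RULES)), "chris", GROUPS))
```

Placing the user-specific entry ahead of the group entry removes the finding, which is the ordering an administrator would want if chris is meant to use the stronger per-user regime.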
The first-match algorithm also applies to acp_restrict entries that apply
to CLI (telnet and rlogin) connections. However, acp_restrict entries
for PPP and SLIP are treated differently (see Limiting Access to Hosts
via acp_restrict on page 15-269).
The Resulting Security Profile
Once erpcd has found all the matching profile criteria in acp_regime,
acp_userinfo, and acp_restrict (using the one-match-per-file rule where
appropriate) for a given set of connection conditions, the result is a single
security profile.
Remote Annex 6300 Supplement to the Remote Annex Administrator's Guide for UNIX