Appendix A: SG-1Vendor-Specific Attributes

June 30, 2006

service:auth-source

This sub-attribute defines the source name to be used when the POPmaestro authorizes or authenticates a service with the RADIUS. The POPmaestro performs a RADIUS access request when a service is activated. The service:auth-source attribute defines the source name to be used as the user-name in this request. The authentication source can have one of the following values: user, service, or CLI. When the value is not service, the POPmaestro includes the requested service name in the RADIUS access request message (see user:service-name attribute). The authentication source default value is service. The attribute may be included only once in access- accept message. When appearing more than once, the system will consider the last attribute appearance.

General:

Operation Mode:

Access-Accept message

 

Service-Accept message

Vendor-type:

53

Vendor-length =

2 + name length + (3 - 7)

Format:

adc-avpair = "service:auth-source=<service user CLI>",

Example:

adc-avpair = "service:auth-source=CLI",

service:data-quota

This sub-attribute defines the service session data quota measured in bytes. The POPmaestro monitors the session to track the data quota usage. When a service runs out of quota (session quota termination event occurs), the system activates the next-service-name if defined (see next-service-name definition). This is true in case that the service authentication base is set to be service. Otherwise the POPmaestro activates reauthorization according to the configured service:auth-base value (see service:auth-base definition). A service:data-quota attribute with a zero value indicates the POPmaestro that the connected session has no data credit left and should be logged off. The POPmaestro then disconnects the session. When a session is disconnected or when the service is exchanged, the POPmaestro includes the service:data-quota attribute in the accounting message with the remainder data credit. The attribute may be included only once in access-accept message. When appearing more than once the system will consider the last attribute appearance.

General:

Operation Mode:

Access-Accept message

 

Access-Request message

 

Service-Accept message

 

Service-Request message

 

Accounting-Request messages

Vendor-type:

54

Vendor-length =

2 + name length + (1 - 10)

Format:

adc-avpair = "service:data-quota=<data quota in bytes>",

A-20

SG1-UM-8500-03

Page 178
Image 178
ADC SG-1 Serviceauth-source, Adc-avpair = serviceauth-source=service user CLI, Adc-avpair = serviceauth-source=CLI