.................................................................................................................................... ........................................................................................................................
Using the Policy WizardUsing the 8950 AAA Policy Assistant in Server
Management Tool
9-8 365-360-001R6.0
Issue 1, December 2008
.................................................................................................................................... ........................................................................................................................
UNIX System
The UNIX system option is only available when 8950 AAA is running on a supported
UNIX/Linux platform.
UNIX Password File
Use the Password File option if this policy will use standard UNIX password/shadow files
pas its user source (/etc/passwd or /etc/shadow).
Your password or shadow files must be formatted in standard UNIX password file format
(for a full description, see the UNIX password man page, section 4 or 5). The 8950 AAA
server requires you to place the user’s name in column one in the file. Passwords, if
included, may be encrypted with DES, MD5, or SHA1.
RSA ACE/Server (SecurID)
RSA Ace/Server (SecurID) is not presently available when 8950 AAA is running on
Macintosh OS X.
Secure Computing SafeWord Server
If using a Secure Computing SafeWord Server as a user profile source, then the
authentication source must be the same server.
Radius Server (Proxy)
Use the RADIUS Server Proxy option if your users are stored in a remote server. Proxy
services allow a RADIUS server to forward a request received from a client to a second
RADIUS server. Since the RADIUS server is acting on behalf of the client 8950 AAA
uses the term “proxy.” The RADIUS request is sent to the remote RADIUS server and the
response is used to determine the information that is sent to the client.
Important! If you selected ACE/Server, Safe Word, or Proxy as your user profile
source, you will not see the Authentication Source Panel. These servers perform
authentication and authorization, and notify the 8950 AAA server whether the request
is accepted or declined.
Important! If you are using ACE/Server, Safe Word, or Proxy as your profile source,
go to the section “Defining Accounting Activities” on page 13.
None
Specifies that the user profiles will not be read. This is typically used in tunnel
authentication when EAP Identity is not contained in the outer layer.
Select your user profile source by clicking on the required radio button, and click Next.
The Authentication Access Requests panel appears as shown in Figure9-5.