acps.conf man page on HP-UX


acps.conf(4)							  acps.conf(4)

       acps.conf  -  configuration  file  for the Access Control Policy Switch


       The ACPS configuration file controls which modules  are	consulted  for
       making  an  access control decision, the order in which the modules are
       consulted, and the rules for combining  their  responses	 to  return  a
       result back to the application.

   Syntax and Default Behavior
       The file consists of one or more entries in the following format:

       Whitespace in these entries is combined into a single blank (" ")
       character and removed from the beginning and end of each field.  If
       multiple flags are specified, they should be separated with a comma
       charac‐

       The individual parameters are defined as follows:

       The label provides a human-readable name for the module entry.

       The module name identifies the actual shared library to load to the
       authorization decision.  The module name is specified without a path
       or a suffix (for example, both of which are assumed from the
       architec‐

       The arguments are defined by the module (that is, module dependent)
       and are used to provide additional configuration flexi‐

       The field is used to modify the switch's behavior in interpreting the
       results of the module.  See for more details and possible values for
       this field.

       The order of the entries in the acps.conf file denotes the order in
       which the modules should be called to perform the access check.  Each
       entry is called in turn until an "authoritative result code" is
       returned.  In the currently defined result code, everything except is
       authoritative.  Once an authoritative result code is returned by a
       decision provider module, the code is returned immediately to the
       application.  If is returned, the module is ignored and the next module
       is referenced.

       is  returned  to	 the application if no module returns an authoritative

   Entry Flags
       In some cases, the default rules for ordering access requests and
       combining results do not behave as expected for a particular decision
       provider module.  In this case, it is possible to affect the processing
       of the ACPS by specifying one or more of the pre-defined flags.  If you
       specify multiple flags, you should separate them with a comma charac‐

       There is currently only one flag recognized by the switch.  The
       following flag may be specified on a per-module basis:

       Short for 'non-authoritative', this flag is used for policy modules
       that always return authoritative responses, even when they should not.
       Specifically, modifies the processing of the entry such that a return
       of The effect of this is that multiple modules may be stacked with
       this flag, such that if any module returns then the switch returns

       The following is an example configuration file.  Lines that begin with
       the # symbol are treated as comments, and therefore ignored.

       # First, attempt to satisfy access request using custom
       # module, (e.g. granting all users access to a particular
       # object foo, but only between 9am - 5pm).  The custom
       # module verifies the time and that the object matches
       # the specified argument. (In this case, "foo".)	 If this
       # module returns ACPS_DENY, keep going to the next entry
       # rather than just returning deny to the application.
       HP-UX RBAC : libacpm_timebased : foo : NONATTV

       # If custom rule does not match, use default local RBAC
       # rule processing
       HP-UX RBAC : libacpm_hpux_rbac : :

       acps(3), acps_api(3), acps_spi(3).
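
A review aid for the entry rules described above, added here as an example and not part of the HP-UX man page or tooling: it parses an acps.conf text into the order the modules would be consulted and reports entries that break the stated rules (module name given with a path or suffix, flag not recognized). Assumptions: four colon-separated fields per entry and the flag name NONATTV, both inferred from the page's example configuration; exact-case flag matching; blank lines skipped; the third sample entry and the flag FAILOPEN are constructed for the demonstration.

```python
import re

KNOWN_FLAGS = {"NONATTV"}  # the one flag used in the page's example

# Constructed sample: entries 1-2 are the page's example, entry 3 is made up
# (FAILOPEN is not a real flag) to trigger the checks below.
SAMPLE = """\
# custom time-based rule first, then default local RBAC
HP-UX RBAC : libacpm_timebased : foo : NONATTV
HP-UX RBAC : libacpm_hpux_rbac : :
Local  test :  /opt/lib/libacpm_test.so : : NONATTV, FAILOPEN
"""

def parse_acps_conf(text):
    """Return entries in the order the switch would consult them."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        # Assumption: exactly four ':'-separated fields, as in the example.
        fields = [re.sub(r"\s+", " ", f).strip() for f in raw.split(":")]
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        label, module, args, flags = fields
        entries.append({"line": lineno, "label": label, "module": module,
                        "args": args,
                        "flags": [f.strip() for f in flags.split(",") if f.strip()]})
    return entries

def lint(entries):
    """Return (line, message) findings worth a reviewer's attention."""
    findings = []
    for e in entries:
        if not e["module"]:
            findings.append((e["line"], "empty module name"))
        elif "/" in e["module"] or "." in e["module"]:
            findings.append((e["line"], "module name carries a path or suffix"))
        for flag in e["flags"]:
            if flag not in KNOWN_FLAGS:  # assumption: case-sensitive match
                findings.append((e["line"], f"unrecognized flag {flag!r}"))
    return findings

if __name__ == "__main__":
    parsed = parse_acps_conf(SAMPLE)
    for e in parsed:
        print(e["line"], e["module"], e["args"] or "-", ",".join(e["flags"]) or "-")
    for line, msg in lint(parsed):
        print(f"line {line}: {msg}")
```

Because entry order decides which module answers first, comparing the parsed order against a known-good baseline is a quick way to spot an entry that was inserted or moved ahead of the default RBAC module.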

