Attribute lists, Updating attribute information, Checklist attributes – RSA Security 6.1 User Manual

Page 25

Advertising
background image

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server

13

nonstandard attributes that it encounters in the packet. Standard RADIUS
attributes are always defined by the

radius.dct

file. If you do not know the

make/model for a RADIUS client, choose the default option:

- Standard

Radius -

.

For the most part, the selections currently available in the

Make/model

field are

devices whose vendors have provided up-to-date attribute dictionaries.
Documentation for these vendors and their products is available online by
clicking the

Web info

button on the RADIUS Clients panel (described on

page 45).

Updating Attribute Information

If your RAS vendor announces a new product, a new attribute, or a new value for
an attribute, you can add this information to your RSA RADIUS Server
configuration. You can edit the dictionary file for that vendor to add new
attributes or attribute values, or you can create a new vendor-specific dictionary
file that contains new attributes and values.

For information on modifying vendor dictionary files, refer to the
RSA RADIUS Server 6.1 Reference Guide.

Attribute Lists

You can use profiles to control authentication at finer levels of detail than simple
user ID and password checking allow. Checklists and return lists provide powerful
tools for the authentication and authorization of users.

Checklist Attributes

A checklist is a list of attributes that must accompany the request for connection
before the connection request can be authenticated. The RAS must send
attributes that match the checklist associated with a user entry; otherwise,
RSA RADIUS Server rejects the user even if the user’s name and password are
valid.

By including appropriate attributes in the checklist, a variety of rules can be
enforced. For example, only specific users might be permitted to use ISDN or
dial-in connections to a particular RAS, or Caller ID might be used to validate a
user against a list of acceptable originating telephone numbers.

A checklist is created by choosing attributes from a list of all RADIUS attributes
known to the RSA RADIUS Server. This list can include a variety of
vendor-specific attributes.

Advertising
Popular Brands
Popular manuals