Planning Login Policies

All users accessing services through Novell RADIUS Services must log in and be authenticated. All authentication, regardless of which service is being accessed, is processed by NMAS™.

The login policies enforced by NMAS are defined and stored in an NDS object called the Login Policy object (LPO). The LPO contains rules that define the relationships among the services, users, and login methods so that NMAS can determine and enforce the appropriate authentication requirements.


Login Policy Object

Login rules or policies are defined and stored in NDS in the Login Policy object. Only one Login Policy object is allowed in an NDS tree and it can only be created in the Security container object. This allows you to define policies that can be used globally across multiple servers and services throughout the NDS tree.

NOTE:  The policies stored in the Login Policy object apply only to RADIUS.

The Login Policy object is administered through ConsoleOne. This object enables you to set up rules that allow you to manage authentication for users logging in to Novell RADIUS Services.

You can use any login method supported by NMAS.


Login Rules

Login rules define the authentication method required for a specific user, container, or group object to access a particular NMAS service. When a user requests access, the applicable rule will be enforced. You can define a single rule for all users, or different rules for particular users. If you define multiple rules, the rules for each service type are applied in the order in which they appear in the list. Once a rule has been matched, no other rules are evaluated. To change the priority of a rule, simply change its position in the list.

You can also define the level of enforcement for a rule. The following enforcement levels are defined:

The following table illustrates some possible authentication rules.


Table. Authentication Rule Examples

Service       Users      Authentication Method   Enforcement
.DAS.Novell   .hr.acme   NDS password            Mandatory
                         Simple Password         Mandatory
                         SecureID                Mandatory
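
The first-match ordering described under Login Rules means a broad container rule placed above a more specific user rule silently overrides it. The following is an added example, not Novell code or the NMAS API: it models an ordered rule list and flags rules that can never be reached. The Rule fields, the suffix-based container matching, the group lookup table, and the user .jsmith.hr.acme are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    service: str       # service object the rule applies to
    subject: str       # user, container or group name (leading dot, leaf first)
    method: str        # login method the rule requires
    enforcement: str   # enforcement level, e.g. "Mandatory"

def covers(subject, name):
    """True if `name` is `subject` itself or sits beneath it in the tree."""
    subject, name = subject.lower(), name.lower()
    return name == subject or name.endswith(subject)

def first_match(rules, service, user, groups=None):
    """Return the first rule for `service` that applies to `user`, else None.

    `groups` maps a group name to its member user names (assumed lookup).
    """
    groups = groups or {}
    for rule in rules:                       # list order is priority order
        if rule.service.lower() != service.lower():
            continue
        members = [m.lower() for m in groups.get(rule.subject, ())]
        if covers(rule.subject, user) or user.lower() in members:
            return rule                      # stop: later rules are never evaluated
    return None                              # no rule applies to this user

def shadowed(rules):
    """List (rule, earlier_rule) pairs where the earlier rule always wins.

    Only name containment is checked; group membership is not expanded.
    """
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.service.lower() == later.service.lower()
                    and covers(earlier.subject, later.subject)):
                hits.append((later, earlier))
                break
    return hits

# Constructed sample: names from the page's table plus a made-up user.
RULES = [
    Rule(".DAS.Novell", ".hr.acme", "NDS password", "Mandatory"),
    Rule(".DAS.Novell", ".jsmith.hr.acme", "SecureID", "Mandatory"),
]

if __name__ == "__main__":
    print(first_match(RULES, ".DAS.Novell", ".jsmith.hr.acme").method)
    print(shadowed(RULES))
```

With the list in this order, the user-specific SecureID rule is never reached; moving it above the container rule makes it take effect.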