Add IP entries

The pdadmin pop modify set ipauth add command specifies the network (or network range). The command also specifies the required authentication level in the IP endpoint authentication method attribute. We might need to add IP entries to a POP.

Specify network (or network range) with an authentication level as a number or as forbidden. Specify an authentication level of 0 to allow authentication. A forbidden authentication level indicates that authentication is denied. Specify an authentication greater than 0 to step-up a user to an authentication level. The enforcement of step-up authentication is the responsibility of resource managers. See Step-up authentication. When adding addresses to a POP, IPv4 addresses must be specified in IPv4 format, due to limitations in the operating system functions provided to ISAM.

Example

The following example adds an IP entry for identities from IPv4 addresses that begin with 9.

pdadmin sec_master> pop modify poptest1 set ipauth add 9.0.0.0 255.0.0.0 5

The following example adds an entry for an IPv6 network range:

pdadmin sec_master> pop modify poptest1 set ipauth add \ fedc:ba98:7654:3210:fedc:ba98:7654:3210 ffff:ffff:ffff:ffff:ffff:ffff:ffff:0 6

The following example prevents all users (except users specified in the examples) from accessing the object:

pdadmin sec_master> pop modify poptest1 set ipauth anyothernw forbidden

Parent topic: Specify IP addresses and ranges