a3IPsecureLabelSysAuth
1.3.6.1.4.1.43.2.12.3.1.6
Like a3IPsecureLabelSysLevel, this parameter applies
only to packets originated by this system and sent over
this port. When such packets are sent, the value of this
parameter determines the Protection Authority flag field
that is attached to the packet before any processing is
done. Note, this is assuming a3IPsecureLabelSysLevel has
a value other than none (1).
The individual Protection Authority flags that are included
are determined by the individual bits that are set
in the value of this object, with the two least significant
bytes being of interest. Starting from bit 7 of the
INTEGER (with the least significant bit being numbered 0),
the mapping of bits to Protection Authority flags is as
follows (note: rfc1108 labels the most significant bit '0',
the next most significant bit '1', etc),
bit# Prot. Auth. Flag
7 GENSER
6 SIOP
5 SCI
4 NSA
3 DOE
While only bits 7 through 3 have specific Protection Authority
flags assigned to them, any 2 byte combination of bits may be
set as long as that combination is allowed by rfc1108. The
same 1 or 2 byte pattern of bits identified by the value of this
object will be placed in the Protection Authority field of
received packets with no IP security options present. (note:
this is conditioned on a3IPsecureLabelDefaultLevel for this
port having a value other than none (1).)
If this object has the value 0, then no Protection Authority
field will be added to any received packets, regardless of the
value of a3IPsecureLabelDefaultLevel.