HP-UX AAA Server A.07.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

121

122

123

124

125

126

127

128

129

130

Table 11-4 Certificate Path Properties (continued)

FunctionOption

For TLS only. Identifies the attribute in the user digital

certificate to retrieve the user's name. This attribute must

Client User Name Attribute

match the user name configured on the supplicant (client)

software. The AAA server will check the user name in the

certificate against the user name supplied in the EAP-TLS

authentication request. Select one of the options listed

below:

• Subject Common name (default): Use the

CommonName (CN) in the Subject attribute.

• Subject EmailAddress: Use the Email Address(E) in

the Subject attribute.

• SubjectAltName RFC822Name: Use the RFC822Name

in the SubjectAltName attribute.

• Check all attributes: Search all of the above three fields

for a matching name.

• Disable: Ignore comparing User name with Certificate

name.

For TLS. Fully-qualified file name to a list of prohibited

client certificates. File must be in .pem or .cer format.

Certificate Revocation List Path

File Size Properties

Clicking File Size Properties takes you to the File Size Properties screen where you can

modify the Maximum Logfile Size property.

Maximum Logfile Size

This property refers to the maximum size (in bytes) of the server’s logfiles and

accounting logfiles. The minimum value for this parameter is 65,536 and the maximum

is 2,147,483,647. Once the configured size is reached, the file is closed and a new log

file is created. If no value is specified, 2,147,483,647 is used.

Miscellaneous Properties

Clicking Miscellaneous Properties takes you to the Miscellaneous Properties screen

where you can modify the Permit Microsoft Client Authenticate As Computer property.

Permit Microsoft Client Authenticate As Computer

Enable (Yes) to support the Microsoft client authenticate as computer feature. The

Microsoft supplicants must also be configured to authenticate as computers. If this

parameter is enabled (Yes), the AAA Server ignores any "host/" prefix in the user name

passed from the client request. The default setting is Yes (enable). If this parameter is

enabled, the HP-UX AAA Server can still authenticate supplicants that do not have

“authenticate as a computer” configured.

File Size Properties 127