HP-UX AAA Server A.07.01 Administrator's Guide
For more information on these configuration items, see “System-Wide OTP
Configuration Items” (page 174).
The clients File
The server configuration must include all the clients (NASs, RADIUS proxy servers,
and other network devices) that can communicate with the AAA server. If a client is
not included in the configuration, the server discards its messages.
The /etc/opt/aaa/clients file contains the identifying information for these clients.
IMPORTANT: Configuration files have a maximum input line length of 255 characters.
No checking is done to ensure that a configuration statement has not exceeded this
limit.
Syntax of a Client Entry
Name Shared-Secret Type=vendor:{NAS|PROXY}options Version Prefix
An IPv4 example of a client that is a NAS:
192.0.2.0 secret type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1
An IPv4 example of a client that is a proxy:
192.0.2.0:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1
An IPv6 example of a client that is a NAS:
fedc:ba98:7654:3210:fedc:ba98:7654:3210 secret
type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1
An IPv6 example of a client that is a proxy:
[fedc:ba98:7654:3210:fedc:ba98:7654:3210]:3400
secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1
NOTE: In case of a Proxy, if the Name field is an IPv6 literal address then you must
separate the address from the port by enclosing the address in square brackets.
A DNS name example of a client that is a NAS:
danish secret type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1
A DNS name example of a client that is a proxy:
danish:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1
Prefixed Users and authfile
In the clients file, it is possible to specify a prefix for a client. When an Access-Request
is matched to a client, the AAA server will search for the users profile in the
prefix.users file. Likewise, if the user profile indicates the Realm authentication
type, the server will search for an entry that matches the users realm in the
prefix.authfile file.
380 Configuration Files