HP-UX AAA Server A.07.01 Administrator's Guide
This version of the HP-UX AAA Server supports the following EAP authentication
methods:
• Transport Layer Security (TLS): Uses TLS (also known as SSL) to authenticate the
client using its digital certificate.
NOTE: Some wireless supplicants require specific extensions to support
certificates for EAP.
TLS features include Dynamic Key Exchange; Mutual Authentication; Digital
Certificate/Token Card-based Authentication; and Encrypted Tunnelling.
• Tunneled TLS (TTLS): Can carry additional EAP or legacy authentication methods
like PAP and CHAP. Integrates with the widest variety of password storage formats
and existing password-based authentication systems. Supplicants are available
for a large number of clients. TTLS features include Dynamic Key Exchange; Mutual
Authentication; Password-based Authentication; and Encrypted Tunnelling.
• Protected EAP (PEAP): Functionally very similar to TTLS, but does not encapsulate
legacy authentication methods. PEAP features include Dynamic Key Exchange;
Mutual Authentication; and Encrypted Tunnelling.
• Message Digest 5 (MD5): Passwords are hashed using the MD5 algorithm. Can be
deployed for protecting access to LAN switches where the authentication traffic
will not be transmitted over airwaves. Can also be safely deployed for wireless
authentication inside EAP tunnel methods. The main feature in MD5 is
Password-based Authentication.
• Lightweight EAP (LEAP): For legacy Cisco equipment only. LEAP features include
Dynamic Key Exchange; Mutual Authentication; and Password-based
Authentication.
• Generic Token Card (GTC): Carries user-specific token cards for authentication.
The main feature in GTC is Digital Certificate/Token Card-based Authentication.
• EAP MS-CHAP: Passwords are hashed using a Microsoft algorithm. Can be
deployed for protecting access to LAN switches where the authentication traffic
will not be transmitted over airwaves. Can also be safely deployed for wireless
authentication inside EAP tunnel methods. EAP-MSCHAP features include Mutual
Authentication and Password-based Authentication.