HP-UX AAA Server A.07.01 Administrator's Guide
C RADIUS Data Packets
The Access-Request and other RADIUS data packets contain a header and a set of
attribute-value (A-V) pairs, which are used by the server during the AAA transaction.
RADIUS RFC 2865 defines how vendors can extend the protocol. Encapsulation
is the RFC-defined way of extending RADIUS. Conflicts can occur when the RFC is not
followed. In those cases, the server can map the attributes to unique internal values
for processing. For a full description of RADIUS attribute-value pairs, see Chapter 32:
“Attribute-Value Pairs” (page 400).
Data Packet Format
RADIUS requests and replies share a common format (see Figure C-1). These messages
are transported by UDP. By default, the server listens on UDP port 1812 for
Access-Requests and port 1813 for Accounting-Requests.
Figure C-1 RADIUS Request/Reply Message Format
Table C-1 RADIUS Request/Reply Message Format Description

Data            Description
Code            8-bit request/reply type:
                1=Access-Request
                2=Access-Accept
                3=Access-Reject
                4=Accounting-Request
                5=Accounting-Response
                11=Access-Challenge
Id              8-bit message sequence number: value in reply = value in request.
Length          16-bit message length, including the header beginning at Code.
Authenticator   16 octet binary vector: Value in request is randomly generated.
                Value in reply is MD5 digest of reply message data appended with
                secret, using vector value from request.
Attributes      Arbitrary numbers of information pairs with format shown in
                Figure C-2.
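
The header layout in Table C-1 and the check a client makes on a reply's Authenticator, as an added example that is not part of this guide or of the HP-UX AAA server's code. The 20 to 4096 octet Length bounds and the padding rule are taken from RFC 2865; the shared secret, user name and packets are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

HEADER = struct.Struct("!BBH16s")  # Code, Id, Length, Authenticator (20 octets)


def parse_header(datagram: bytes) -> dict:
    """Split a RADIUS datagram into header fields and raw attribute bytes."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 20-octet header")
    code, ident, length, auth = HEADER.unpack_from(datagram)
    # RFC 2865: Length includes the header, is 20..4096, and must fit the datagram.
    if not HEADER.size <= length <= 4096 or length > len(datagram):
        raise ValueError("bad Length field")
    # Octets beyond Length are padding and are ignored.
    return {"code": code, "id": ident, "length": length,
            "authenticator": auth, "attributes": datagram[HEADER.size:length]}


def build_reply(code: int, ident: int, attrs: bytes,
                request_auth: bytes, secret: bytes) -> bytes:
    """Reply Authenticator = MD5(Code + Id + Length + request vector + attrs + secret)."""
    length = HEADER.size + len(attrs)
    digest = hashlib.md5(
        HEADER.pack(code, ident, length, request_auth) + attrs + secret).digest()
    return HEADER.pack(code, ident, length, digest) + attrs


def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Client-side check: Id echoes the request and the MD5 authenticator matches."""
    req, rep = parse_header(request), parse_header(reply)
    if rep["id"] != req["id"]:
        return False
    expected = build_reply(rep["code"], rep["id"], rep["attributes"],
                           req["authenticator"], secret)
    # Constant-time comparison of the 16-octet Authenticator field.
    return hmac.compare_digest(expected[4:20], rep["authenticator"])


# Constructed sample exchange (not captured traffic).
SECRET = b"constructed-shared-secret"
ATTRS = bytes([1, 7]) + b"alice"  # User-Name (type 1), length 7 including its header
REQUEST = HEADER.pack(1, 42, HEADER.size + len(ATTRS), os.urandom(16)) + ATTRS
REPLY = build_reply(2, 42, b"", REQUEST[4:20], SECRET)  # Access-Accept
```

A reply that fails this check, or whose Id does not match an outstanding request, should be dropped rather than acted on.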
Attribute-Value Pair Format
An attribute-value (A-V) pair represents a variable and one of the possible values that
the variable can hold. The A-V pair data format is depicted in Figure C-2. In the HP-UX
AAA server, A-V pairs may be added to configuration files to compare values when
trying to authenticate an Access-Request (check items) or to add authorization