HP-UX AAA Server A.07.
Copyright © 2002–2008 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license required from HP for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
1 HP-UX AAA Server A.07.01 Release Notes
   Product Overview
   Product Features
   What is New in This Version
List of Tables
1-1 Supported IETF RFCs
1-2 Certified Hard Tokens and their Vendors
1-3 Documentation Installed with the HP-UX AAA Server
1-4 Product Requirements
1-5 Patch Requirements
1-6
1-7
1 HP-UX AAA Server A.07.01 Release Notes

This document discusses the most recent product information on HP-UX AAA Server A.07.01. HP-UX AAA Server A.07.01 is supported on HP-UX 11i v1 (B.11.11), HP-UX 11i v2 (B.11.23), and HP-UX 11i v3 (B.11.31). This document addresses the following topics:
• “Product Overview”
• “What is New in This Version”
• “Fixes Included in the HP-UX AAA Server A.07.01”
• “Known Problems and Limitations in HP-UX AAA Server A.07.
creation of plug-ins to customize the implementation of the HP-UX AAA Server. The HP-UX AAA Server SDK is now provided with the HP-UX AAA Server.
• Advanced Policy Engine: An updated policy engine that provides extended syntax for complex policy actions to manipulate RADIUS requests and replies based on attribute content. The default policy files enable the administrator to execute policies without customizing the Finite State Machine (FSM). This feature includes substring manipulation.
• Multi-vendor RADIUS Client Support: Includes pre-defined attribute mappings for leading network access vendors and a customizable vendor dictionary to support a wide range of RADIUS clients.
• Flexible and Customized Session Logging: Customize session logs to capture the desired volume of session and accounting information. Session logging formats for Merit (default) and Livingston CDR Standard are included.
OATH is an industry-wide collaboration to develop an open reference architecture for strong authentication. The OATH consortium has developed a set of open, royalty-free algorithms for one-time password authentication. The OATH standards-based OTP authentication solution uses the HMAC sequence-based One-Time Password (HOTP) algorithm to generate an OTP, using a secret key and a sequence counter.
The following README files describe how to implement basic two-factor authentication based on your implementation requirements:
• /opt/aaa/examples/sqlaccess/oracle-1/: To implement basic two-factor authentication using the Oracle database server and OCI client, when the token information is stored in the Oracle database.
Advanced Policy Engine

Advanced Policy Engine is an updated policy engine that provides extended syntax for complex policy actions to manipulate RADIUS requests and replies based on attribute content. Policy modules are invoked using the FSM. These modules can be executed at any time during the processing of the RADIUS packet.
QXCR1000583869
Session control for tunneled Extensible Authentication Protocol (EAP) authentications is based on Inner-Identity. Prior to the A.07.01 release, session control was based on Outer-Identity.

QXCR1000583867
The HP-UX AAA Server A.07.01 generates only one session for a tunneled-EAP (PEAP or TTLS) authentication, based on Inner-Identity. Prior to the A.07.01 release, the HP-UX AAA Server generated two sessions for a tunneled EAP (PEAP or TTLS), based on Inner-Identity and Outer-Identity.
Oracle Authentication

The Oracle authentication module is deprecated in this release and will be obsolete in the next release of the HP-UX AAA Server. The Oracle authentication module is supported using SQL Access. HP recommends that you set up your HP-UX AAA Server to interact with the Oracle database using the SQL Access feature. For more information on implementing SQL Access, see the HP-UX AAA Server A.07.01 Administrator’s Guide at: http://www.docs.hp.com/en/internet.html#AAA%20Server%20%28RADIUS%29.
NOTE: This problem occurs with the HP-UX AAA Server A.07.01 on HP 9000 systems running HP-UX 11i v2 with the PHSS_31849 (or later) patch only. HP 9000 systems running HP-UX 11i v1 or HP-UX 11i v3, and HP Integrity systems running HP-UX 11i v2 or HP-UX 11i v3 are not affected.

Workaround: Install PHSS_34858 (linker + fdp cumulative patch) on the HP 9000 system running HP-UX 11i v2, where the radiusd daemon is launched.
Supplicant Support and Interoperability

This section lists the supplicants and EAP methods (for each supplicant) certified with the HP-UX AAA Server A.07.01.

Cisco Secure Services Client Version 5.0

The following EAP methods are certified for the Cisco Secure Services Client (formerly, Meetinghouse AEGIS SecureConnect) Version 5 supplicant with HP-UX AAA Server A.07.
OATH-Compliant OTP Generators and Interoperability

This section discusses the HOTP algorithm-based OTP generators (hard token and software) that are certified for the OATH standards-based OTP authentication with the HP-UX AAA Server A.07.01.
NOTE: The Administrator's Guide may also be accessed via the Server Manager administration utility.

IMPORTANT: Monitor the HP-UX AAA Server documentation for the most recent product documentation.

The Secure LAN Advisor

The Secure LAN Advisor is an HTML help system in the Server Manager administration utility that explains the process of securing LANs and WLANs with the HP-UX AAA Server, using the Server Manager screens and tasks.
Table 1-4 Product Requirements Product Requirements HP-UX 11i v1 HP-UX 11i v2 HP-UX 11i v3 Version Version Version 1.4.2.x or higher 1.4.2.x or higher 1.4.2.x or higher HP-UX Tomcat-based Servlet 1.0.03.x or higher Engine 1.0.10.01 or higher B.5.5.9.04 or higher OpenSSL A.00.09.07e or higher A.00.09.08d or higher HP-UX SDK for Java A.00.09.07e or higher All the product requirements can be downloaded at the HP Software Depot (http:// software.hp.
Web Browser Requirements

A Web browser is required to use the Server Manager interface to administer and configure the HP-UX AAA Servers. Following are the Web browser requirements for HP-UX AAA Server A.07.01:
• Use only the following web browsers with the HP-UX AAA Server A.07.01—known interoperability issues exist with other web browser versions:
  — Internet Explorer 6.0 or higher with Java 1.4.2.09 or higher
  — Mozilla 1.7.12 or higher with Java1.4.
User Database Administration Manager Requirements

The User Database Administration Manager is designed to operate with the Apache Web Server, PHP5, PHP database abstraction layer (PEAR DB), and Oracle or MySQL database clients. HP has certified the User Database Administration Manager with HP-UX Apache Web Server version 2.0.58.01 to work with the following database clients:

Table 1-7
Product                  Version
Oracle Install Client    • 9.2.0.2
                         • 8.1.7.0
MySQL Client             5.0.