HP-UX AAA Server A.08.00.01 Administrator's Guide
Table 8-1 Fields in the Local Realm Attributes Form (continued)
Option    Function

User Authentication
Identifies the authentication method used for the realm:
• Enable EAP: Select this option if user authentication by an EAP challenge is required. Select one or more EAP types. At least one authentication method must be selected. For PEAP (EAP-GTC), you must configure the NULL realm.
The PEAP version ‘0’ only checkbox is displayed if you select PEAP(EAP-GTC), PEAP(EAP-MSCHAP), or PEAP(EAP-MD5). Select this checkbox if your supplicant uses the PEAP version 0 protocol.
• Enable RADIUS Standard: Default. Select this option if user authentication via password checking is required.
If Enable EAP and Enable RADIUS Standard are selected, authentication is carried out based on the Authentication-Type configuration attribute set in the RADIUS request.

User Profile Storage
Indicates the location from which the AAA server must retrieve user profiles:
• users: Choose this option to store user information locally in AAA Server flat files. Choosing this option allows you to administer user information with Server Manager. Server Manager can administer user information stored locally in the AAA Server flat files only.
• Database Access via SQL or LDAP Server: Choose this option if the user profile information is stored in an external database. See the individual chapters for more information.
• OS Security Database: HP-UX operating systems use a number of repositories or “databases” to store information about hosts, users, passwords, etc. User password lookup is performed through the name-service switch configured in /etc/nsswitch.conf. See the nsswitch.conf man page for more information.
• No Store: EAP-TLS Certificates: Choose this option if you are using TLS and do not want to store user information. If you are using TLS, you are not required to store user information because the TLS certificates provide the user information needed for authentication.
• No Store: Allow All Users: Choose this option to allow all requests from a realm.
• No Store: Deny All Users: Choose this option to deny all requests from a realm.

User Storage Parameters
Identifies the location, access, and policy parameters for the selected User Profile Storage.

Alias
Optional. A parenthesized list of one or more aliases, delimited by commas. Each realm alias is equivalent to the realm name. An alias is provided for user convenience or other purposes, such as to save typing when logging on to your network. Aliases are allowed on wild card entries and are interpreted as meaning *.alias.