HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

141

142

143

144

145

146

147

148

149

150

Table of Contents

13 Securing LAN Access With EAP.............................................................................................154

Overview...........................................................................................................................154

The Secure LAN Advisor............................................................................................154

Preparing Your LAN ........................................................................................................155

Determining the EAP Authentication Method to Use......................................................156

Securing WLANs with the HP-UX AAA Server..............................................................159

Digital Certificate Administration....................................................................................159

Using the “Self-Signed” Digital Certificates................................................................160

Installing Your Own Digital Certificates and Keys.....................................................161

Installing Server Certificates and Keys..................................................................161

Installing Client Certificates and Keys...................................................................162

Defining Certificate Locations on the HP-UX AAA Server...................................162

14 Managing Sessions...............................................................................................................164

Session Logs......................................................................................................................164

Displaying Session Attributes.....................................................................................164

Stopping a Session.......................................................................................................165

Session Limits...................................................................................................................165

Setting Limits on a User-by-User Basis.......................................................................166

Setting Timeout Values..........................................................................................166

Establishing a Filter................................................................................................166

Limiting Access Points (NAS-Port, NAS-ID, Calling-Station ID, and others).......166

Denying Access (Called-Station-ID and others)....................................................167

Limiting Simultaneous Sessions............................................................................167

Setting Limits for Users on a Global Basis..................................................................168

Setting Limits for All User Profiles Grouped by Realms.......................................168

15 Assigning IP Addresses..........................................................................................................169

Assigning Static IP Addresses..........................................................................................169

To Assign a Static IP (IPv4) Address to a Profile in Flat Files.....................................169

To Assign a Static IPv6 Address to a Profile in Flat Files............................................170

To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP LDIF

File...............................................................................................................................172

To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File..................173

Assigning Dynamic IP Addresses Using DHCP..............................................................173

16 OATH Standards-Based OTP Authentication.............................................................................174

OTP and OATH Overview................................................................................................174

HP-UX AAA Server and OATH Support.........................................................................175

Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP v2....177

Components Required to Configure OTP Authentication...............................................178

Configuring OTP Authentication on the HP-UX AAA Server ........................................178

OTP Authentication Configuration Flowchart............................................................179

Table of Contents 149