HP-UX AAA Server A.08.00.01 Administrator's Guide

either using an optional internal cache or using an external storage like an
SQL-compliant database with the mapping information.
Features
The EAP-SIM authentication method is fully compliant with RFC 4186. It offers the following features:
International Mobile Subscriber Identity (IMSI) permanent identities on a per-realm basis.
Non-IMSI permanent identities on a per-realm basis.
Protected success indications on a per-realm basis.
Fast re-authentication on a per-realm basis.
Pseudonyms generated using algorithms or randomly, on a per-realm basis.
To ensure that permanent user names, pseudonyms, and fast re-authentication user names are distinct and easily distinguished, the server generates pseudonyms whose leading character is 2 and fast re-authentication user names whose leading character is 3. In accordance with the RFC, permanent user names derived from the IMSI are prefixed with the leading character 1.
A user's subscriber key, Ki, along with the names of the appropriate A3 and A8 algorithms, can be stored in an external database or a local file. The A3 and A8 algorithms are standard algorithms. If Ki is stored in one of these locations, the server automatically generates GSM authentication triplets from this information.
A set of GSM authentication triplets can be stored in a local file. This is intended
for use in a lab environment, and requires no additional user-written plug-ins.
If the customer implements an AATV, the user credentials can be retrieved from
an Authentication Center (AuC) that the AATV communicates with. The AuC
function authenticates SIM cards that attempt to connect to the GSM network by
generating data known as triplets.
3GPP (3rd Generation Partnership Project) Milenage A3 and A8 algorithms are provided, with parameters that can be configured.
The Milenage A3 or A8 algorithm can be customized with a simple plug-in.
Additional customer-supplied A3 or A8 algorithms can be plugged into the server.
Occurrences and values of received SIM attributes are validated.
Support for pseudonym and fast re-authentication identity mapping is built-in
without the need for an external database. Support is also provided using SQL
Access and built-in AATVs.
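As an added illustration (not code from this guide or from the HP-UX AAA Server), the following Python sketches how a server-side identity cache can apply the leading-character convention described above: it issues random pseudonyms (leading 2) and single-use fast re-authentication user names (leading 3) per realm and resolves them back to the permanent IMSI-based name (leading 1). The 1-15 digit IMSI bound, the 16-character random suffix, and the `IdentityCache` class are assumptions of the example.

```python
import secrets
import string

# Leading characters the guide assigns per identity type: 1 = IMSI-derived permanent
# user name (per RFC 4186), 2 = pseudonym, 3 = fast re-authentication user name.
PERMANENT, PSEUDONYM, FAST_REAUTH = "1", "2", "3"
_ALPHABET = string.ascii_letters + string.digits


def classify(identity):
    """Classify an EAP-SIM NAI by its leading character (assumes an IMSI is 1-15 digits)."""
    username = identity.partition("@")[0]
    if username.startswith(PERMANENT) and username[1:].isdigit() and len(username) <= 16:
        return "permanent"
    if username.startswith(PSEUDONYM) and len(username) > 1:
        return "pseudonym"
    if username.startswith(FAST_REAUTH) and len(username) > 1:
        return "fast_reauth"
    return "unknown"


class IdentityCache:
    """Constructed stand-in for the optional internal cache: temporary name -> permanent, per realm."""

    def __init__(self):
        self._map = {}  # (realm, temporary username) -> permanent username

    def issue(self, permanent_identity, kind):
        """Issue a random pseudonym (kind="pseudonym") or single-use fast re-auth name ("fast_reauth")."""
        if classify(permanent_identity) != "permanent":
            raise ValueError("only an IMSI-based permanent identity can be mapped")
        username, _, realm = permanent_identity.partition("@")
        prefix = PSEUDONYM if kind == "pseudonym" else FAST_REAUTH
        while True:  # retry on the unlikely collision with an existing entry in this realm
            temp = prefix + "".join(secrets.choice(_ALPHABET) for _ in range(16))
            if (realm, temp) not in self._map:
                break
        self._map[(realm, temp)] = username
        return temp + ("@" + realm if realm else "")

    def resolve(self, identity):
        """Map any identity back to its permanent form; None if the temporary name is unknown."""
        kind = classify(identity)
        if kind == "permanent":
            return identity
        username, _, realm = identity.partition("@")
        if kind == "fast_reauth":  # fast re-auth names are consumed on use
            permanent = self._map.pop((realm, username), None)
        else:
            permanent = self._map.get((realm, username))
        return None if permanent is None else permanent + ("@" + realm if realm else "")
```

An unknown temporary name resolves to None, which is the point at which a server would fall back to requesting the permanent identity from the peer.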
222 Configuring EAP-SIM and EAP-AKA Authentication Methods