HP-UX AAA Server A.08.00.01 Administrator's Guide

Benefits

EAP-SIM offers the following benefits:

• Offers more reliable security than the GSM mechanisms.

• Supports protection of the subscriber identity based on pseudonyms or temporary

identifiers.

• Supports a fast re-authentication procedure.

Configuring EAP SIM

The configuration files must be edited manually, because EAP-SIM cannot be configured

using the HP-UX AAA Server Manager.

This section addresses the following topics:

• “EAP-SIM Client Configuration” (page 223)

• “EAP-SIM User Credential Lookup Configuration” (page 223)

• “EAP-SIM Realm-Based Configurations” (page 224)

• “Global EAP-SIM Configuration in aaa.config” (page 230)

NOTE: Subsequently, you must restart the RADIUS Server for the configurations to

take effect.

EAP-SIM Client Configuration

You can configure the access point or the access device for the HP-UX AAA Server to

use EAP-SIM, using the HP-UX AAA Server Manager. For more information on how

to configure, see Chapter 7 (page 96).

EAP-SIM User Credential Lookup Configuration

The HP-UX AAA Server on receiving a SIM request does a lookup of the unique

identifiers' (real username) credentials. The credentials can be the pre-shared subscriber

key or the triplets from an external storage (like AuC). The following information must

be provided for the EAP-SIM module to continue processing of the user request:

• User's Subscriber's key, Ki. For more information on these Attribute Value Pairs

(AVPs), see “Generating Authentication Vectors Using A3, A8, and AKA

EAP-SIM 223