HP-UX AAA Server A.08.00.01 Administrator's Guide

Algorithms” (page 263). The server uses the following AVPs as input to generate
authentication vectors:
Subscriber's key is a string attribute that contains the binary encoded 128-bit
user secret key, Ki. The encoding must be in the network byte order (big-endian).
A3 algorithm is a string attribute that indicates the name of the A3 algorithm
to be applied in GSM triplet generation. The value is case-sensitive.
A8 algorithm is a string attribute that indicates the name of the A8 algorithm
to be applied in GSM triplet generation. Most lines in the configuration files
are limited to 1023 characters. This value is case-sensitive.
GSM triplets. A GSM triplet is a fixed-length binary string (octets) attribute that
holds an EAP-SIM authentication vector. The attribute value is a 224-bit (28 bytes)
binary string. It is partitioned as follows:
RAND = The first 128 bits (16 bytes) of the value.
Kc = The next 64 bits (8 bytes) of the value.
SRES = The last 32 bits (4 bytes) of the value.
The user credentials (Ki) can be stored in any of the following supported data repositories:
local realm users file
LDAP database
SQL-compliant database using SQL Access
The following is an example of a local realm users file:
# IMSI configured with 128 bit Subscriber-Key
801448005551000
Subscriber-Key ="\x6d\x37\x71\x8a\xcc\xec\x37\x01\x4e\xdb\xf0\xf0\x3b\xe5\x77\xda",
NOTE: Subscriber's key is a binary string, and is configured as a quoted string of
hex-escaped octets.
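The following Python sketch is an added example, not part of this guide or of the server's code. It checks that a Subscriber-Key value written as hex-escaped octets decodes to exactly 128 bits, and splits a 224-bit GSM triplet into RAND, Kc and SRES as partitioned above. The function names are hypothetical, and rejecting anything other than \xNN octets inside the quotes is an assumption of this example.

```python
import re

KI_LEN = 16       # Ki: 128-bit subscriber key
TRIPLET_LEN = 28  # GSM triplet: RAND (16) | Kc (8) | SRES (4)
_OCTETS = re.compile(r'(?:\\x[0-9a-fA-F]{2})*')

# Subscriber-Key value from the local realm users file example above.
SAMPLE_KEY = r'"\x6d\x37\x71\x8a\xcc\xec\x37\x01\x4e\xdb\xf0\xf0\x3b\xe5\x77\xda"'


def decode_hex_escaped(quoted):
    """Decode a double-quoted string of \\xNN octets into bytes.

    Assumption of this example: only \\xNN escapes may appear inside the quotes.
    """
    if len(quoted) < 2 or quoted[0] != '"' or quoted[-1] != '"':
        raise ValueError("value must be a double-quoted string")
    body = quoted[1:-1]
    if not _OCTETS.fullmatch(body):
        raise ValueError("value must contain only \\xNN octets")
    return bytes.fromhex(body.replace("\\x", ""))


def parse_subscriber_key(quoted):
    """Return Ki as bytes, rejecting values that are not exactly 128 bits."""
    ki = decode_hex_escaped(quoted)
    if len(ki) != KI_LEN:
        raise ValueError(f"Ki must be {KI_LEN} octets, got {len(ki)}")
    return ki


def split_triplet(value):
    """Partition a 28-octet GSM triplet into RAND, Kc and SRES."""
    if len(value) != TRIPLET_LEN:
        raise ValueError(f"triplet must be {TRIPLET_LEN} octets, got {len(value)}")
    return {"RAND": value[:16], "Kc": value[16:24], "SRES": value[24:]}


if __name__ == "__main__":
    # Report lengths only; Ki and Kc are secrets and should not be logged.
    print("Ki octets:", len(parse_subscriber_key(SAMPLE_KEY)))
    constructed = bytes(range(TRIPLET_LEN))  # constructed sample triplet
    print({k: len(v) for k, v in split_triplet(constructed).items()})
```

A key that loses an octet, for instance through a bad line wrap in the users file, fails the length check instead of being loaded as a short Ki.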
EAP-SIM Realm-Based Configurations
Many EAP-SIM parameters can be configured on a per-realm basis. These parameters
are configured in realm entries stored in the authfile and EAP.authfile files.
Realm-Based EAP-SIM Configuration Information in authfile
The user's SIM credentials lookup information is configured in the authfile on a
per-realm basis.
The EAP-SIM realm must be configured with the -SIM switch. The following syntax
is used to configure the user credential storage:
eapsimrealm.com SIM <AATV name> <xstring, if any>