Manualshelf

HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
231232233234235236237238239240
Protected Identity Exchanges using AT_CHECKCODE is supported on a per realm
basis.
Authentication Management Field (AMF) is supported on a per realm basis.
Algorithmically or randomly generated pseudonyms are supported on a per realm
basis.
To ensure that permanent user names, pseudonyms, and fast re-authentication
user names are distinct and can be easily distinguished from one another, the
server generates pseudonyms with the leading character 4 and fast re-authentication
user names with the leading character 5. In accordance with the RFC, permanent
user names derived from the IMSI are prefixed with the leading character 0.
A user's subscriber key, Ki, sequence number, mode, and the name of the
appropriate AKA algorithms, can be stored in an external database or a local file.
The server automatically generates the authentication vector from this information.
An authentication vector can be stored in a local file. This is intended for use in a
lab environment, and requires no additional user-written plug-ins.
The user credentials can be retrieved from an AuC if the customer implements an
AATV, which communicates with the AuC.
AKA 3GPP Milenage algorithms are provided with parameters that can be
configured.
The Milenage AKA algorithm can be customized with a simple plug-in.
Additional AKA algorithms provided by the customer can be plugged into the
server.
Occurrences and values of received AKA attributes are validated.
Support for pseudonym and fast re-authentication identity mapping is built-in,
without the need for an external database.
Benefits
EAP-AKA offers the following benefits:
In devices that already contain an identity module, AKA can be used as a secure
Point-to-Point Protocol (PPP) authentication method.
Enables the use of third generation mobile network authentication infrastructure
in wireless LANs.
Supports the co-existence of the existing infrastructure with any other EAP
technology.
Supports identity privacy.
Supports result indications.
Supports fast re-authentication.
EAP-AKA 233