HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

231

232

233

234

235

236

237

238

239

240

Configuring EAP-AKA

The configuration files must be edited manually, because EAP-AKA cannot be

configured using the HP-UX AAA Server Manager.

This section addresses the following topics:

• “EAP-AKA Client Configuration” (page 234)

• “EAP-AKA User Credential Lookup Configuration” (page 234)

• “EAP-AKA Realm-Based Configurations” (page 235)

• “Global EAP-AKA Configuration in aaa.config” (page 242)

NOTE: Subsequently, you must restart the RADIUS Server for the configurations to

take effect.

EAP-AKA Client Configuration

You can configure the access point or the access device for the HP-UX AAA Server to

use EAP-AKA, using the HP-UX AAA Server Manager. For more information on how

to configure, see Chapter 7 (page 96).

EAP-AKA User Credential Lookup Configuration

The HP-UX AAA Server supports configuration of EAP-AKA user credentials as Reply

Items in two forms, as follows:

The HP-UX AAA Server on receiving a AKA request does a lookup of the unique

identifiers' (real username) credentials. The credentials can be the pre-shared user's

Subscriber-Key (Ki), AKA-Sequence-Number (SQN), AKA-Mode (AMF), and

AKA-Algorithm. The following information must be provided for the EAP-AKA module

to continue processing of the user request:

• The first form includes the configuration of the user's Subscriber-Key (Ki),

AKA-Sequence-Number (SQN), AKA-Mode (AMF), and AKA-Algorithm. For a

description of the algorithm, see “Generating Authentication Vectors Using A3,

A8, and AKA Algorithms” (page 263). The server uses these AVPs as input to

generate an authentication vector.

— Subscriber-Key is a string attribute containing the binary encoded 128-bit user

secret key, often referred to as Ki. The encoding must be in network byte order

(big-endian).

— AKA-Sequence-Number is a string attribute containing the binary encoded

48-bit user sequence number, often referred to as SQN. The encoding must be

in network byte order (big-endian).

— AKA mode is a string attribute containing the binary encoded 16-bit user

authentication management field, often referred to as AMF. The encoding must

be in network byte order (big-endian).

— AKA algorithm is a string attribute indicating the name of the AKA algorithm

to be applied in AKA vector generation. Most lines in the configuration files

234 Configuring EAP-SIM and EAP-AKA Authentication Methods