HP-UX AAA Server A.08.00.01 Administrator's Guide
Table 17-5 EAP.authfile Configuration Parameters (continued)
DescriptionParameter
EAP-AKA RFC 4187 indicates that the permanent
identity must be derived from the IMSI. However,
an implementation may choose a permanent
identity that is not based on the IMSI. The server
supports both options.
The valid values are Enabled and Disabled.
The default value is Disabled.
Specify the minimum and maximum length of IMSIs
that the server accepts.
Minimum-Length-IMSI and
Maximum-Length-IMSI
The server performs sanity checks on a permanent
identity that is offered as an IMSI to ensure that the
identity is neither too short nor too long to be an
IMSI. EAP-AKA RFC 4187 explicitly states that 15
is the maximum length. The minimum length is six,
based on a three digit MCC, a two digit MNC, and
a one digit MSIN. This is a theoretical absolute
minimum length of an IMSI. Therefore, the check
made is as follows:
6 <= Minimum-Length-IMSI <=
Maximum-Length-IMSI <= 15
The default values are 6 and 15.
Protected success indications are an optional
EAP-AKA feature. The
Protected-Success-Indications
Protected-Success-Indications parameter
indicates whether the server offers protected success
indications to the peer. The valid values are
Enabled and Disabled.
The default value is Enabled.
Determines if the server must use the
AT_CHECKCODE attribute. The use of the
Protected-Identity-Exchanges
AT_CHECKCODE attribute is an optional feature in
EAP-AKA. The attribute allows protection of the
EAP-AKA identity messages and any future
extensions to them. The implementation of
AT_CHECKCODE is recommended.
The valid values are Yes and No.
AKA mode is the user authentication management
field, which is often referred to as AMF. It is an
AKA-Mode
input to the functions f1 and f1*. For more
information, see 3GPP documents.
The value of the AKA mode parameter is a 16-bit
binary string entered as 0x, followed by two 2–digit
hex values. The dots are optional, and are used to
238 Configuring EAP-SIM and EAP-AKA Authentication Methods