HP-UX AAA Server A.08.00.01 Administrator's Guide
Auth-Result-Update SQLAccess ActionId=UpdateSQN
############################################################
# Following are optional parameters
#############################################################
Prefixed-IMSI-Permanent-IDs "Enabled"
Generic-Permanent-IDs "Enabled"
Minimum-Length-IMSI 6
Maximum-Length-IMSI 15
AKA-Mode 0x12ab
Protected-Identity-Exchanges No
Protected-Success-Indications "Enabled"
}
}
NOTE: The comment field in realm configuration must not have spaces.
Auth-Result-Update and Resync-Update
The management of SQN required for EAP-AKA can be done using SQL Access
feature provided by HP-UX AAA Server. In this case user credentials must be stored
in an Oracle or SQL-compliant database. The above example has EAP.authfile
configuration for these parameters.
UpdateSQN and ResyncSQN are the SQL action names that must be configured in the
sqlaccess.config file. Following are the sample entries for the same.
UpdateSQN: This SQL action increments the SQN in the database for each successful
authentication. Two mappings are used. The first one retrieves the sequence number
for the corresponding real identity and adds the incremented SQN into the REPLY
queue The second mapping retrieves it from the REPLY queue and inserts it back to
the database. A predefined sample mapping function IncAkaSeqNum is used to
increment the SQN if the authentication succeeds. Subsequently, the mapping function
converts it back to hex string format, and inserts the AKA-Sequence-Number AVP to
REPLY queue.
You can use the vendor-specific attribute, AKA-Authentication-Result to check
the result of authentication. The result can include the following values based on the
authentication result:
NO-AUTH 0
SUCCESS 1
REAUTH 2
CLIENT_REJECT 3
BAD_MAC 4
BAD_XRES 5
BAD_CHECKCODE 6
BAD_PROTOCOL 7
BAD_INTERNAL 8
SQLAction UpdateSQN {
{
input
RAD(Real-Username, REPLY) DBP(ruame, 253, CHAR)
240 Configuring EAP-SIM and EAP-AKA Authentication Methods