HP-UX AAA Server A.08.00.01 Administrator's Guide
Table 17-7 EAP.authfile Configuration Parameters (continued)
DescriptionParameter
re-authentication identity must be generated
with no realm name, it is configured as NULL.
The empty string entry, using just two quotes,
indicates that the server must generate a fast
re-authentication identity with the same realm
name as the permanent identity.
The Fast-Reauth-Id-Lifetime parameter
specifies a lifetime for a fast re-authentication
Fast-Reauth-Id-Lifetime
identity, in seconds. If a fast re-authentication
identity is assigned, but is not used within this
period of time, the fast re-authentication
identity and the associated full authentication
context are purged.
The valid range is 1 to 14400 (1 second to 4
hours).
The default value is 3600 seconds.
Sample EAP.authfile Configuration for Fast Re-authentication
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-SIM
#################################################################
eapsim.com -EAP EAP "comment"
{
EAP-Type SIM
{
#Configure other realm-specific parameters, if required
.
.
# Following are the mandatory parameters:
Fast-Reauth-Lookup SIMAKA-ReauthCacheLookup “”
Fast-Reauth-Update SIMAKA-ReauthCacheUpdate “”
# Following are the optional parameters:
Fast-Reauth-Realm “”
Max-Number-Of-Reauths-Before-Full-Auth-Is-Required 5
Fast-Reauth-Id-Lifetime 1800
}
}
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-AKA
#################################################################
eapaka.com -EAP EAP "comment"
{
Fast Re-Authentication 245