HP-UX AAA Server A.08.00.01 Administrator's Guide
EAP-Type AKA
{
#Configure other realm-specific parameters, if required
.
.
# Following are the mandatory parameters:
Fast-Reauth-Lookup SIMAKA-ReauthCacheLookup “”
Fast-Reauth-Update SIMAKA-ReauthCacheUpdate “”
# Following are the optional parameters:
Fast-Reauth-Realm “”
Max-Number-Of-Reauths-Before-Full-Auth-Is-Required 5
Fast-Reauth-Id-Lifetime 1800
}
}
Configuring for Fast Re-Authentication in aaa.config File
If you use the built in AATVs (SIMAKA-ReauthCacheLookup and
SIMAKA-ReauthCacheUpdate) for caching the fast reauth identity to the user's real
identity mapping, you can configure the parameters described in Table 17-8, in the
aatv.SIMAKA{} block of the aaa.config file.
Table 17-8 The aaa.config Configuration Block Parameters for Fast Re-authentication
DescriptionParameter
Specifies the maximum size of the in-memory Fast
Re-authentication table, in terms of the number of
Maximum-Fast-Reauth-Cache-Size
entries. For a given user, the server needs to save
the full authentication context for subsequent fast
re-authentications. A boundary must be assigned
to the number of entries in this table to protect the
server's memory.
The valid range is 0 to 1,000,000.
If the value is zero, no new fast reauth identities are
added to the cache, but the existing non-expired
entries are used. This value is intended to phase out
fast reauth support following a HUP.
If not explicitly configured, the default value is
500,000.
Sample aaa.config Configuration for Fast Re-authentication
#################################################################
### Add the following in /etc/opt/aaa/aaa.config
#################################################################
aatv.SIMAKA
{
246 Configuring EAP-SIM and EAP-AKA Authentication Methods