HP-UX AAA Server A.08.00.01 Administrator's Guide
#Configure other global parameters, if required
.
.
Maximum-Fast-Reauth-Cache-Size 4096
}
Guidelines to Write EAP-SIM and EAP-AKA Fast Re-Authentication Database AATVs
This section describes the EAP-SIM and EAP-AKA requirements that the Fast
Re-authentication Database AATVs must meet in addition to the basic AATV
requirements. For information on AATV writing, compiling, installing, and debugging,
see Chapter 28 (page 437).
You can configure EAP-SIM and EAP-AKA to support the fast re-authentication
procedure by saving the last full authentication, including attributes such as the Master
Key and Counter. The saved full authentication is used for the subsequent fast
re-authentication. You can save the full authentication attributes in internal tables
included in the HP-UX AAA Server, or in an external database using SQL Access,
and retrieve them when required. If you save the attributes in an external database,
the database record must include the following attributes:
• Real-Username
• Real-Realm
• Fast-Reauth-Username
• FullAuth-Master-Key
• Fast-Reauth-Counter
• Fast-Reauth-Expiration-Time
These attributes are described as follows:
The AATV that retrieves the mapping information can check whether the retrieved
information has expired. If the mapping retrieval AATV checks for expiration, the
retrieved Fast-Reauth-Expiration-Time attribute need not be placed on the
authreq. If the mapping retrieval AATV does not check for expiration, the
Fast-Reauth-Expiration-Time attribute must be placed on the authreq, in
which case the EAP-SIM or EAP-AKA AATV that handles the result of the
lookup checks for expiration.
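The two placements of the expiration check described above, modeled in C as an added example (not code from this guide or from the HP-UX AAA Server SDK). The struct and function names, the field sizes, the sample values, and the fall-back to full authentication when a mapping is missing or has expired are assumptions; a real AATV uses the server's own interfaces.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>
/* Hypothetical model of the record and the request; NOT the server's AATV API. */
typedef struct {
    char real_username[64], real_realm[64], fast_reauth_username[64];
    unsigned char fullauth_master_key[20];     /* field sizes are assumptions */
    unsigned int fast_reauth_counter;
    time_t fast_reauth_expiration_time;
} reauth_record;
typedef struct {                     /* stand-in for the authreq */
    const reauth_record *mapping;    /* NULL when no usable mapping was found */
    int has_expiration;              /* Fast-Reauth-Expiration-Time was attached */
    time_t expiration;
} authreq_model;
enum { REAUTH_FAST = 0, REAUTH_FULL = 1 };
/* Lookup step: enforce expiry here, or hand the expiry time on with the request. */
void lookup_mapping(const reauth_record *db, size_t n, const char *fast_id,
                    int lookup_checks_expiry, time_t now, authreq_model *req) {
    memset(req, 0, sizeof *req);
    for (size_t i = 0; i < n; i++) {
        if (strcmp(db[i].fast_reauth_username, fast_id) != 0) continue;
        if (!lookup_checks_expiry) {             /* deferred: attach the expiry */
            req->has_expiration = 1;
            req->expiration = db[i].fast_reauth_expiration_time;
            req->mapping = &db[i];
        } else if (db[i].fast_reauth_expiration_time > now) {
            req->mapping = &db[i];               /* checked here, nothing attached */
        }
        return;
    }
}

/* EAP step: fail closed when the check was deferred but no expiry arrived. */
int handle_lookup_result(const authreq_model *req, int lookup_checks_expiry, time_t now) {
    if (req->mapping == NULL) return REAUTH_FULL;
    if (lookup_checks_expiry) return REAUTH_FAST;
    return (req->has_expiration && req->expiration > now) ? REAUTH_FAST : REAUTH_FULL;
}

/* Constructed sample record; ttl = seconds until expiry (negative means expired). */
int demo_decision(const char *fast_id, int lookup_checks_expiry, long ttl) {
    time_t now = 1700000000;                     /* fixed clock for repeatability */
    reauth_record db[1] = {{ "alice", "example.net", "4reauth-0001", {0}, 1, now + ttl }};
    authreq_model req;
    lookup_mapping(db, 1, fast_id, lookup_checks_expiry, now, &req);
    return handle_lookup_result(&req, lookup_checks_expiry, now);
}
int main(void) { return demo_decision("4reauth-0001", 0, -1) == REAUTH_FULL ? 0 : 1; }
```

In either mode, exactly one component owns the expiration decision, and a record whose expiration time equals the current time is treated as expired in this sketch.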
There are two AATVs involved in fast re-authentication handling. One AATV performs
the update and the other performs the lookup. This section describes the following
AATVs:
• “Fast Re-Authentication Database Update AATV” (page 248)
• “Fast Re-Authentication Database Lookup AATV” (page 249)
Fast Re-Authentication 247