HP-UX AAA Server A.08.00.01 Administrator's Guide

Fast Re-Authentication Database Update AATV
As a result of a full authentication, the database may require a new record for the fast
re-authentication information. If the database includes an existing set of fast
re-authentication information, the information needs to be updated or made invalid
with each full authentication or a fast re-authentication.
If the realm is configured for fast re-authentication support, the update AATV is invoked
with every authentication, either full or re-authentication, successful or unsuccessful,
and whether a new fast re-authentication username is assigned or not.
Update AATV Inputs
The input to the Update AATV is the set of Vendor-Specific Attributes (VSAs) on the
AUTHREQ_REPLY_QUEUE list of the authreq. Table 17-9 describes the Fast
Re-Authentication Database Update AATV attributes.
Table 17-9 Vendor-Specific Attributes for Fast Re-Authentication Database Update AATV

Attribute: Real-Username
Description: A string attribute that contains the user's real identity. This identity contains neither a prefix nor a realm. The identity can be an International Mobile Subscriber Identity (IMSI) constituting up to 15 decimal digits. If the realm is configured to support non-IMSI real identities, the identity can be a non-IMSI real username constituting up to 253 characters.

Attribute: Real-Realm
Description: A string attribute that contains the user's real realm, which is the value of the AT_IDENTITY attribute, of the last full re-authentication. This realm can differ from the realm portion of the User-Name attribute value. If the AT_IDENTITY attribute of the last full re-authentication does not specify a realm, the Real-Realm attribute contains an empty string value.

Attribute: Fast-Reauth-Username
Description: A string attribute that contains the value sent by the HP-UX AAA Server during the authentication. This value is the user's next Fast-Reauth-Username. This identity is prefixed with the Fast Reauth ID, 3. However, no realm is associated with it. The length of the identity, including the prefix, is 10 characters. If the attribute contains no value, it implies that the database's existing Fast-Reauth-Username and the associated full authentication details must be made invalid.

Attribute: FullAuth-Master-Key
Description: A fixed length binary string (octets) attribute that contains the Master Key (MK) value of the last full authentication. The value consists of a 160-bit binary string (20 bytes), in the network byte order. If the Fast-Reauth-Username is an empty string, this attribute is not present.

Attribute: Fast-Reauth-Counter
Description: An attribute that contains the updated value of the fast re-authentication counter. During an update following a full authentication, this value is zero. Otherwise, the value is the number of fast re-authentications performed after the last full authentication.
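
The constraints in Table 17-9 can be checked before a record is written or invalidated. The following is an added example, not code from the HP-UX AAA Server or this guide. It assumes the VSAs have been copied into a Python dict keyed by attribute name; plan_update, its parameters, and the returned record layout are hypothetical.

```python
import re

IMSI = re.compile(r"[0-9]{1,15}")                # IMSI: up to 15 decimal digits
REAUTH_PREFIX, REAUTH_LEN, MK_LEN = "3", 10, 20  # values taken from Table 17-9

def plan_update(vsas, full_auth, allow_non_imsi=False):
    """Validate one update; return ("store", record) or ("invalidate", key).

    vsas is a dict of attribute name -> value (a constructed representation,
    not the server's authreq structure). Raises ValueError on malformed input.
    """
    user = vsas.get("Real-Username", "")
    realm = vsas.get("Real-Realm", "")           # an empty realm is legal
    if not user or "@" in user:
        raise ValueError("Real-Username must be present and carry no realm")
    if not IMSI.fullmatch(user):
        # Non-IMSI identities only when the realm is configured for them.
        if not allow_non_imsi or len(user) > 253:
            raise ValueError("Real-Username is not an acceptable identity")
    key = (user, realm)

    reauth = vsas.get("Fast-Reauth-Username", "")
    if reauth == "":
        # No next identity: the stored fast re-authentication data must be
        # made invalid, and the master key attribute must not accompany it.
        if "FullAuth-Master-Key" in vsas:
            raise ValueError("FullAuth-Master-Key sent without Fast-Reauth-Username")
        return ("invalidate", key)

    if (len(reauth) != REAUTH_LEN or not reauth.startswith(REAUTH_PREFIX)
            or "@" in reauth):
        raise ValueError("malformed Fast-Reauth-Username")
    mk = vsas.get("FullAuth-Master-Key")
    if not isinstance(mk, (bytes, bytearray)) or len(mk) != MK_LEN:
        raise ValueError("FullAuth-Master-Key must be exactly 20 octets")
    counter = vsas.get("Fast-Reauth-Counter")
    if isinstance(counter, bool) or not isinstance(counter, int) or counter < 0:
        raise ValueError("Fast-Reauth-Counter must be a non-negative integer")
    if full_auth and counter != 0:
        raise ValueError("counter must be zero after a full authentication")
    return ("store", {"key": key, "next_id": reauth,
                      "mk": bytes(mk), "counter": counter})

if __name__ == "__main__":
    sample = {"Real-Username": "001010123456789", "Real-Realm": "",  # constructed
              "Fast-Reauth-Username": "3abcdefghi",
              "FullAuth-Master-Key": bytes(20), "Fast-Reauth-Counter": 0}
    print(plan_update(sample, full_auth=True)[0])
```

The returned record holds the Master Key, so it should be kept out of logs and debug output.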
248 Configuring EAP-SIM and EAP-AKA Authentication Methods