HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

241

242

243

244

245

246

247

248

249

250

Table 17-9 Vendor-Specific Attributes for Fast Re-Authentication Database Update AATV

(continued)

DescriptionAttribute

If the value of the Fast-Reauth-Username value is an empty

string, this attribute is not present.

A Unix epoch date attribute that contains the UTC time at which

this fast re-authentication information expires. If the fast

Fast-Reauth-Expiration-Time

re-authentication information in the database is made invalid instead

of being updated, this attribute has no significance. If the

Fast-Reauth-Username is an empty string, this attribute is not

present.

Update AATV Outputs

No attributes must be returned by the Update AATV.

AATV Functionality and Return Events

The fast re-authentication update AATV updates its database with the fast

re-authentication information available in the AUTHREQ_REPLY_QUEUE list of the

authreq. The Update AATV must not modify the AUTHREQ_REPLY_QUEUE list of

the authreq. The result of the update can be either ACK or NAK. If the result of the

update is NAK, the update has failed, which may affect a subsequent fast

re-authentication. However, it does not affect the success or failure of the current

authentication.

Fast Re-Authentication Database Lookup AATV

The fast re-authentication lookup AATV retrieves the information associated with the

Fast-Reauth-Username attribute in the database. This AATV is invoked during a

fast re-authentication only.

Lookup AATV Inputs

The input to the lookup AATV is a set of VSA in the AUTHREQ_REPLY_QUEUE list of

the authreq. Table 17-10 describes the Fast Re-Authentication Database Lookup AATV

attributes.

Table 17-10 Vendor-Specific Attributes for Fast Re-Authentication Database Lookup AATV

DescriptionAttribute

A string attribute that contains the value of the user's Fast Reauth

identity. This identity contains a Fast Reauth ID prefix, 3. However,

Fast-Reauth-Username

no realm is associated with it. The length of the identity, including the

prefix, is 10 characters.

A string attribute that contains the realm portion of the received Fast

Reauth identity. This realm can be the Real-Realm or the configured

Fast-Reauth-Realm

Fast Re-Authentication 249