HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

241

242

243

244

245

246

247

248

249

250

Table 17-10 Vendor-Specific Attributes for Fast Re-Authentication Database Lookup AATV

(continued)

DescriptionAttribute

Fast-Reauth-Realm. The realm can also be a realm that the NAS

created to facilitate routing of the Fast Reauth Request to the HP-UX

AAA Server, which performed the last full authentication. The realm is

used for the database lookup, and is used by the HP-UX AAA Server to

invoke EAP-SIM or EAP-AKA only.

Lookup AATV Outputs

The AUTHREQ_REPLY_QUEUE list of the authreq is updated to additionally contain

the full authentication details. Table 17-11 describes the Lookup AATV attributes.

Table 17-11 Lookup AATV Output Attributes

DescriptionAttribute

A string attribute that contains the user's real identity. This identity

contains no prefix or realm. The IMSI can be up to 15 decimal digits.

Real-Username

If the HP-UX AAA Server is configured to support non-IMSI real

identities, the identity can be a non-IMSI real username, which is up

to 253 characters.

A string attribute that contains the user's real realm. This realm can

differ from the realm portion of the User-Name attribute value. If the

Real-Realm

AT_IDENTITY attribute of the user’s last full authentication specifies

only a username with no realm, the Real-Realm attribute contains

an empty string value.

A fixed-length binary string (octets) attribute that contains the value

of the Master Key (MK) from the last full authentication. The value is

a 160-bit binary string (20 bytes), in the network byte order.

FullAuth-Master-Key

An integer attribute that contains the value of the last fast

re-authentication counter. The value is the number of fast

re-authentications performed after the last full authentication.

Fast-Reauth-Counter

A Unix epoch date attribute that contains the UTC time at which this

fast re-authentication information expires. If the lookup AATV has

Fast-Reauth-Expiration-Time

already checked for an expired Fast-Reauth-Username, the attribute

is not returned. If the attribute is returned, the HP-UX AAA Server

checks whether the Fast-Reauth-Username has expired.

250 Configuring EAP-SIM and EAP-AKA Authentication Methods