HP-UX AAA Server A.08.00.01 Administrator's Guide

algorithm. In this case, the length of the pseudonym varies, depending on the length
of the permanent identity, as follows:
24 characters, if the permanent user name is 1-8 characters.
45 characters, if the permanent user name is 9-24 characters.
66 characters, if the permanent user name is 25-40 characters.
88 characters, if the permanent user name is 41-56 characters.
109 characters, if the permanent user name is 57-72 characters.
130 characters, if the permanent user name is 73-88 characters.
152 characters, if the permanent user name is 89-104 characters.
173 characters, if the permanent user name is 104-120 characters.
194 characters, if the permanent user name is 121-136 characters.
216 characters, if the permanent user name is 137-152 characters.
237 characters, if the permanent user name is 153-168 characters.
NOTE: The pseudonym is not generated if the permanent user name is greater than
168 characters, as the pseudonym identity exceeds 253 characters.
The server generates a pseudonym identity only if the length of the
pseudonym@realrealm string does not exceed 253 characters.
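The length rules above combine with the realm length, so the longest user name that still receives a pseudonym can be shorter than 168 characters in a long realm. The following is an added example, not code from the guide or the product. It uses only the table and the 253-character limit stated above; the function names are hypothetical, and 104 is assumed to belong to the "89-104" range because the guide lists it in two ranges.

```python
# Added example: length planning for pseudonym identities.
# Each pair is (longest permanent user name, pseudonym length) from the list above.
# Assumption: 104 belongs to "89-104"; the guide also prints it in "104-120".
PSEUDONYM_LENGTHS = [
    (8, 24), (24, 45), (40, 66), (56, 88), (72, 109), (88, 130),
    (104, 152), (120, 173), (136, 194), (152, 216), (168, 237),
]
MAX_IDENTITY_LEN = 253  # limit on the pseudonym@realm string, per the guide


def pseudonym_length(username):
    """Pseudonym length for a permanent user name, or None if none is generated."""
    n = len(username)
    if n < 1:
        return None
    for upper, plen in PSEUDONYM_LENGTHS:
        if n <= upper:
            return plen
    return None  # more than 168 characters


def pseudonym_generated(username, realm):
    """True if pseudonym@realm fits within the 253-character limit."""
    plen = pseudonym_length(username)
    if plen is None:
        return False
    return plen + 1 + len(realm) <= MAX_IDENTITY_LEN  # +1 for the '@'


def max_username_length(realm):
    """Longest permanent user name that still gets a pseudonym in this realm."""
    budget = MAX_IDENTITY_LEN - 1 - len(realm)
    best = 0
    for upper, plen in PSEUDONYM_LENGTHS:
        if plen <= budget:
            best = upper
    return best


if __name__ == "__main__":
    # Constructed sample realms, for illustration only.
    for realm in ("example.com", "wlan.mnc001.mcc001.3gppnetwork.org"):
        print(realm, "-> max user name length:", max_username_length(realm))
```
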
For a given IMSI permanent identity, there are 56 random user bits involved in the
pseudonym generation, resulting in over seven million trillion (7*10^18) different
pseudonyms for a given IMSI. The probability of a random forgery involving a random
IMSI is less than one in four million.
For a given non-IMSI permanent identity, there are 32 random user bits involved in
the pseudonym generation, resulting in over 4 billion different pseudonyms for a given
user. The probability of a random forgery involving a generic user name is less than
one in 50 million.
Configuring for Pseudonym Identity Support
To use pseudonym identity support, the realm configuration in the EAP-Type SIM{}
or EAP-Type AKA{} block in EAP.authfile must specify the parameters described
in Table 17-12.
Table 17-12 EAP.authfile Configuration Parameters

Parameter          Description
Pseudonym-Lookup   The Pseudonym-Lookup parameter specifies an AATV and an
                   Xstring parameter for this AATV. This AATV is invoked to
                   map a pseudonym to the user's real identity. If this
                   parameter is not configured, pseudonym support is
                   disabled for the realm.