HP-UX AAA Server A.08.00.01 Administrator's Guide
To use algorithm-based pseudonym identity support, the aatv.SIMAKA {} block in
the aaa.config file must specify the parameters described in Table 17-13.
Table 17-13 The aaa.config Parameters for Algorithm-based Pseudonym Identity

Parameter: Pseudonym-Algorithm-Key-n
Description:
The HP-UX AAA Server can generate pseudonyms as an encrypted form of the permanent identity, which can be subsequently decrypted to reproduce the permanent identity.
This set of parameters (n = 1 to 16) can be used to specify up to 16 encryption keys for encryption or decryption.
The key value is a 128-bit binary string (16 bytes) entered as 0x, followed by 16 two-digit hex values. The dots are optional, and are used to improve readability.
Pseudonym generation for a realm is disabled if no keys are defined and the generation of random character pseudonyms is also disabled, that is, the value of the Generate-Random-Character-Pseudonyms parameter is No.
If not explicitly configured, there are no default values.

Parameter: Pseudonym-Algorithm-Current-Key
Description:
Specifies the Pseudonym-Algorithm-Key to encrypt the permanent identity during the generation of a new pseudonym.
The other keys are used for decryption of pseudonyms previously generated with the other keys, but are not used for generation of new pseudonyms.
The valid range is 1 to 16.
If not explicitly configured, there is no default value.
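The following check is an added example, not part of the HP guide or the AAA Server software. It validates the two parameters in Table 17-13 before a key rotation is deployed. It assumes that aaa.config uses the same "Name Value" lines and # comments as the EAP.authfile sample, and that the optional dots sit between the two-digit hex values. The function names and the sample key values are constructed for illustration.

```python
import re

KEY_NAME = re.compile(r"Pseudonym-Algorithm-Key-(\d+)")
KEY_VALUE = re.compile(r"0x[0-9a-f]{2}(?:\.?[0-9a-f]{2}){15}", re.I)
CURRENT = "Pseudonym-Algorithm-Current-Key"

def parse_key(value):
    """Decode 0x plus 16 two-digit hex values (optional dots between them)."""
    if not KEY_VALUE.fullmatch(value):
        raise ValueError("expected 0x followed by 16 two-digit hex values")
    return bytes.fromhex(value[2:].replace(".", ""))

def check_simaka(lines, random_pseudonyms=False):
    """Return findings for the parameter lines of one aatv.SIMAKA block."""
    keys, current, findings = {}, None, []
    for raw in lines:
        # Assumption: '#' starts a comment; blank lines become an empty name.
        fields = raw.split("#", 1)[0].split() or [""]
        name, value = fields[0], " ".join(fields[1:])
        match = KEY_NAME.fullmatch(name)
        if match:
            try:
                if not 1 <= int(match.group(1)) <= 16:
                    raise ValueError("key index outside 1 to 16")
                keys[int(match.group(1))] = parse_key(value)
            except ValueError as err:
                findings.append(f"{name}: {err}")
        elif name == CURRENT:
            current = value
    if not keys and not random_pseudonyms:
        findings.append("no keys and random pseudonyms off: pseudonym generation disabled")
    if keys and current is None:
        findings.append(f"{CURRENT}: not set, and it has no default")
    elif keys and not (current.isdecimal() and int(current) in keys):
        findings.append(f"{CURRENT}: {current!r} does not name a defined key (1 to 16)")
    # Hygiene checks added here (not from the guide): constant or reused key bytes.
    for n, key in sorted(keys.items()):
        if len(set(key)) == 1:
            findings.append(f"Pseudonym-Algorithm-Key-{n}: all bytes identical")
        if any(key == keys[m] for m in keys if m < n):
            findings.append(f"Pseudonym-Algorithm-Key-{n}: duplicates an earlier key")
    return findings

# Constructed sample with made-up key values (not from the guide).
SAMPLE = [
    "Pseudonym-Algorithm-Key-1 0x3a.91.c4.0e.77.b2.5d.18.e6.0f.a3.4c.92.d1.6b.85",
    "Pseudonym-Algorithm-Key-2 0x" + "00" * 16,
    "Pseudonym-Algorithm-Key-3 0x3a91c40e77b25d18e60fa34c92d1  # only 14 bytes",
    "Pseudonym-Algorithm-Current-Key 4  # no such key is defined",
]
```

Calling check_simaka(SAMPLE) reports the short Key-3 value, the Current-Key setting that points at an undefined key, and the all-zero Key-2. When rotating, keep the old key defined under its own index so that pseudonyms issued with it can still be decrypted.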
Sample EAP.authfile Configuration for Random Pseudonym Identity Support
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-SIM
#################################################################
eapsim.com -EAP EAP "comment"
{
    EAP-Type SIM
    {
        # Configure other realm-specific parameters, if required
        .
        .
        # Following are the mandatory parameters:
        Pseudonym-Lookup <pseudonym lookup aatv name> "<xstring if any>"