Manualshelf

HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
251252253254255256257258259260
Table 17-14 Vendor-Specific Attributes for Pseudonym Database Update AATV (continued)
DescriptionAttribute
the database which maps the pseudonym to the
Real-Username attribute returns a
Pseudonym-Expiration-Time VSA.
Update AATV Outputs
None of the attributes are returned by Update AATV.
AATV Functionality and Return Events
The pseudonym update AATV updates its database with the pseudonym information
available in the AUTHREQ_REPLY_QUEUE list of the authreq. The Update AATV must
not modify the AUTHREQ_REPLY_QUEUE list of the authreq. The result of the update
can be either ACK or NAK. The AATV returns ACK if the database is updated successfully.
If the result of the update is NAK, the update has failed. However, it does not affect the
outcome of the current authentication.
NOTE: If the Pseudonym-Expiration-Time is not present as a result of the Lookup
AATV handling the expiration check, the Last-Used-Pseudonym-Expiration-Time
of the database may need to be updated with the
Last-Assigned-Pseudonym-Expiration-Time value by the Lookup AATV. For
more information on Pseudonym-Expiration-Time, see Table 17-16 (page 261).
Pseudonym Database Lookup AATV
The Pseudonym Database Lookup AATV retrieves the information associated with the
Pseudonym-Username attribute from the database.
Lookup AATV Inputs
The input to the Lookup AATV is a set of Vendor-Specific Attributes (VSA) in the
AUTHREQ_REPLY_QUEUE list of the authreq. Table 17-15 describes the attributes.
Table 17-15 Vendor-Specific Attributes for Pseudonym Database Lookup AATV
DescriptionAttribute
A string attribute that contains the pseudonym value to be found in the
database. The identity contains a pseudonym prefix, 2. However, no realm
is associated with it. The length of the identity can be up to 253 characters.
Pseudonym-Username
A string attribute that contains the user's real realm. This realm can differ
from the realm portion of the User-Name attribute value. If the
Real-Realm
AT_IDENTITY attribute contains only a username, but no realm, the
Real-Realm attribute contains an empty string value.
260 Configuring EAP-SIM and EAP-AKA Authentication Methods