HP-UX AAA Server A.08.00.01 Administrator's Guide

Table 17-15 Vendor-Specific Attributes for Pseudonym Database Lookup AATV (continued)

| Attribute | Description |
|---|---|
| Number-of-Triplets-Requested | An integer attribute that contains the number of requested triplets, each consisting of RAND, Kc, and SRES. In accordance with RFC 4186, the number of triplets required for authentication is two or three. The number of triplets required for authentication is present to enable the lookup AATV to generate GSM Triplets, if required. |
| A3-Algorithm | A string attribute that contains the name of the A3 algorithm to be used in the GSM Triplet generation. The value is case-sensitive. This attribute is present only if the realm is configured with a default A3 algorithm. The attribute is present to enable the lookup AATV to generate GSM Triplets, if required. |
| A8-Algorithm | A string attribute that contains the name of the A8 algorithm to be used in the GSM Triplet generation. The value is case-sensitive. This attribute is present only if the realm is configured with a default A8 algorithm. The attribute is present to enable the lookup AATV to generate GSM Triplets, if required. |

Lookup AATV Outputs
The AUTHREQ_REPLY_QUEUE list of the authreq is updated to additionally contain
the following attributes, as described in Table 17-16.
Table 17-16 Lookup AATV Output Attributes

| Attribute | Description |
|---|---|
| Real-Username | A string attribute that contains the user's real identity. The identity contains neither a prefix nor a realm. The identity can be an IMSI of up to 15 decimal digits. If the realm is configured to support non-IMSI real identities, the identity can be a non-IMSI real username of up to 253 characters. |
| Pseudonym-Expiration-Time | A Unix epoch date attribute that contains the UTC time at which the looked-up pseudonym expires. This attribute is optional if the lookup AATV has already checked for an expired Pseudonym-Username. If it is returned, the HP-UX AAA Server checks whether the Pseudonym-Username has expired. The lookup AATV may return this attribute even if the expiration check is performed. If this attribute is present, the Pseudonym Update AATV is called with the Last-Used-Pseudonym-Expiration-Time present, along with the Pseudonym-Expiration-Time value. If this attribute is not returned, the Last-Used-Pseudonym-Expiration-Time in the database must be updated by the Lookup AATV. |

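The constraints in Tables 17-15 and 17-16 can be enforced on a lookup result before it is trusted. The following is an added example, not code from the guide or the HP-UX AAA Server: the function, enum, and parameter names are hypothetical, and rejecting '@' as the realm separator in a non-IMSI name is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical result codes for this example; not HP-UX AAA Server API names. */
enum lookup_check { LOOKUP_OK, LOOKUP_BAD_TRIPLET_COUNT, LOOKUP_BAD_IDENTITY, LOOKUP_EXPIRED };

/* An IMSI is 1 to 15 decimal digits with no prefix and no realm. */
static bool is_imsi(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 15)
        return false;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i]))
            return false;
    return true;
}

/* Validate what a lookup returned before the values are trusted.
 * allow_non_imsi models the realm setting for non-IMSI real identities;
 * has_expiry is false when Pseudonym-Expiration-Time was not returned. */
enum lookup_check check_lookup_output(const char *real_username, bool allow_non_imsi,
                                      bool has_expiry, time_t expiry_utc,
                                      time_t now_utc, int triplets_requested)
{
    if (triplets_requested != 2 && triplets_requested != 3)
        return LOOKUP_BAD_TRIPLET_COUNT;   /* RFC 4186: two or three */
    if (real_username == NULL)
        return LOOKUP_BAD_IDENTITY;
    if (!is_imsi(real_username)) {
        size_t n = strlen(real_username);
        /* Non-IMSI names: realm must allow them, 1..253 chars, no realm part
         * (assumption: '@' is the realm separator). */
        if (!allow_non_imsi || n == 0 || n > 253 || strchr(real_username, '@'))
            return LOOKUP_BAD_IDENTITY;
    }
    if (has_expiry && expiry_utc <= now_utc)
        return LOOKUP_EXPIRED;             /* pseudonym expired at expiry_utc */
    return LOOKUP_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from the guide. */
    time_t now = time(NULL);
    printf("%d\n", check_lookup_output("001010123456789", false, true, now + 3600, now, 3));
    printf("%d\n", check_lookup_output("user@example.org", true, false, 0, now, 2));
    return 0;
}
```
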
The Lookup AATV for EAP-SIM can also return credentials and other reply items while
retrieving the user's Real-Username. Consequently, the AUTHREQ_REPLY_QUEUE
list of the authreq is updated to contain additional attributes. Table 17-17 describes
the Lookup AATV Attributes for EAP-SIM.