Manualshelf

HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
291292293294295296297298299300
20 Configuring the HP-UX AAA Server for Dynamic
Authorization
This chapter discusses the Dynamic Authorization capability of the HP-UX AAA Server.
The Dynamic Authorization capability is based on the client functionality of the HP-UX
AAA Server.
This chapter discusses the following topics:
“Dynamic Authorization Overview” (page 292)
“HP-UX AAA Server and Dynamic Authorization” (page 292)
“Processing of Dynamic Authorization Requests” (page 293)
“Configuring for Dynamic Authorization” (page 295)
“Basic Configuration” (page 296)
Advanced Configuration” (page 297)
“Migrating Existing SQL Access Deployments for Dynamic Authorization”
(page 297)
“Configuring Multiple HP-UX AAA Servers as a Group” (page 299)
“Dynamic Authorization in Authorize Only Mode” (page 312)
“Configuring for Proxy Functionality” (page 315)
“Configuring for Failover” (page 316)
“Security Consideration in Dynamic Authorization” (page 317)
“Sample Configuration Files” (page 321)
Dynamic Authorization Overview
The RADIUS protocol, specified in RFC 2865, does not support RADIUS server-initiated
requests. Typically, RADIUS server processes RADIUS client-generated requests.
However, under some circumstances, it is desirable for the RADIUS server to initiate
requests. For example, sometimes it is desirable to be able to disconnect or change
authorization attributes of user sessions in real time, using RADIUS server-initiated
requests. RFC 5176 defines new RADIUS standards to implement these features. These
standards provide support for Disconnect and Change-Of-Authorization
(CoA) packets. Disconnect packets are used to disconnect user sessions. CoA packets
are used to change the authorization attributes of user sessions.
For more information on Dynamic Authorization, see http://www.ietf.org/rfc/rfc5176.txt.
HP-UX AAA Server and Dynamic Authorization
The Dynamic Authorization capability is implemented using HP-UX AAA Server client
functionality. For more information on how the client functionality of the HP-UX AAA
Server works, see Chapter 19 (page 286).
292 Configuring the HP-UX AAA Server for Dynamic Authorization