HP-UX AAA Server A.08.00.01 Administrator's Guide
Figure 20-1 illustrates how the HP-UX AAA Server performs Dynamic Authorization.
Figure 20-1 HP-UX AAA Server Performing Dynamic Authorization Operation
In the following process flow, steps 1 to 5 (highlighted in blue in the figure) relate
to creating RADIUS sessions, and steps 6 to 10 (highlighted in green in the figure)
relate to the Dynamic Authorization operation:
1. A client requests access to a protected resource by sending user credentials to
the authenticator.
2. The authenticator forwards the request to the HP-UX AAA Server.
3. The HP-UX AAA Server verifies the credentials. If verification succeeds, the HP-UX
AAA Server adds a new session entry in the session table of the database.
4. After a successful authentication, the HP-UX AAA Server provides access.
5. The authenticator grants access to the user and a session is created.
6. The HP-UX AAA Server periodically checks the session table in the database.
7. Based on the configured conditions, the HP-UX AAA Server sends either a
Disconnect or a CoA request to the authenticator.
8. The authenticator processes the Disconnect or the CoA request and makes the
corresponding changes to the user sessions.
9. Based on the result of the processing, the authenticator sends an ACK or NAK
response.
10. Based on the response received, the HP-UX AAA Server makes the corresponding
changes in the session table of the database.
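The following added example (not code or configuration from the HP-UX AAA Server) walks steps 7 to 10 for a Disconnect request, using the standard RADIUS Dynamic Authorization packet layout from RFC 5176 so that both sides authenticate each message with the shared secret before acting on it. The function names, the session table modeled as a dictionary, and the removal of the entry on ACK are assumptions made for illustration.

```python
import hashlib, hmac, struct
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42  # RFC 5176 codes
ACCT_SESSION_ID, ERROR_CAUSE = 44, 101                           # attribute types
SESSION_CONTEXT_NOT_FOUND = 503                                  # Error-Cause value

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def packet(code, ident, attrs, secret, request_auth=bytes(16)):
    # Requests hash 16 zero octets; responses hash the Request Authenticator.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def authentic(pkt, secret, request_auth=bytes(16)):
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    want = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
    return hmac.compare_digest(want, pkt[4:20])

def find_attr(pkt, wanted):
    pos = 20
    while pos + 2 <= len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > len(pkt):
            return None                      # malformed attribute list
        if atype == wanted:
            return pkt[pos + 2:pos + alen]
        pos += alen
    return None

def nas_handle(pkt, secret, live_sessions):
    """Authenticator side, steps 8-9: act only on an authentic request."""
    if not authentic(pkt, secret) or pkt[0] != DISCONNECT_REQUEST:
        return None                          # dropped without a reply
    sid = find_attr(pkt, ACCT_SESSION_ID)
    if sid in live_sessions:
        live_sessions.discard(sid)
        return packet(DISCONNECT_ACK, pkt[1], b"", secret, pkt[4:20])
    cause = attr(ERROR_CAUSE, struct.pack("!I", SESSION_CONTEXT_NOT_FOUND))
    return packet(DISCONNECT_NAK, pkt[1], cause, secret, pkt[4:20])

def server_disconnect(sid, ident, secret, session_table, send):
    """Server side, steps 7 and 10; session_table is a hypothetical dict."""
    req = packet(DISCONNECT_REQUEST, ident, attr(ACCT_SESSION_ID, sid), secret)
    resp = send(req)
    if resp is None or resp[1] != ident or not authentic(resp, secret, req[4:20]):
        return "no-valid-response"           # table left unchanged
    if resp[0] == DISCONNECT_ACK:
        session_table.pop(sid, None)         # assumed meaning of step 10
        return "ack"
    return "nak"
```

A response whose authenticator does not verify against the request and the shared secret leaves the session table untouched, so a spoofed ACK cannot make the server believe a session was terminated.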
Processing of Dynamic Authorization Requests
The dynamic authorization functionality is implemented using the HP-UX AAA Server
client functionality. For more information on the HP-UX AAA Server client functionality,
see Chapter 19 (page 286).
A client action is configured for each dynamic authorization request type. For each
configured client action, based on the configured time interval, the timer function of
the CLIENT AATV generates an empty request and places it in the initial state of the
FSM. The sequence of steps involved in the processing of this empty request through
the FSM is as follows: