HP-UX AAA Server A.08.00.01 Administrator's Guide
1. The client-request-init policy is invoked. In this step, the policies configured
in /etc/opt/aaa/client-request-init.grp are executed. The following
attributes must be set through this policy:
   a. The SQL action to be executed for creating the dynamic authorization request
      should be set in the attribute Client-Request-Create-ActionId.
   b. The SQL action to be executed for updating the database to indicate that the
      row has just been processed should be set in the attribute
      Client-Request-Update-ActionId.
   c. The SQL action to be executed for updating the database if the dynamic
      authorization request times out should be set in the attribute
      Client-Request-Timeout-ActionId.
   d. The RADIUS message type of the dynamic authorization request should be set
      in the attribute Interlink-Packet-Code.
2. The SQL Access AATV is invoked. The SQL Access AATV executes the SQL
action set in the attribute Client-Request-Create-ActionId. This SQL action
will enter values in the required fields of the empty request generated by the
CLIENT AATV, based on the information stored in a database table, to create the
dynamic authorization request.
3. The SQL Access AATV is invoked. The SQL Access AATV executes the SQL
action set in the attribute Client-Request-Update-ActionId. This SQL action
will update the database table to indicate that this database row has already been
processed.
4. The CLIENT AATV is invoked. The action function of the CLIENT AATV is
executed. The action function of the CLIENT AATV performs two major functions.
One, it places the current dynamic authorization request in the message queue for
client messages. Two, it generates another empty request and places it in the initial
state of the FSM. Similarly, new dynamic authorization requests are generated
and placed in the message queue successively, thereby resulting in a loop.
5. The client-request-egress policy is invoked. In this step, the policies configured in
/etc/opt/aaa/client-request-egress.grp are executed. This policy file
can be used to insert, modify, and delete attributes from the dynamic authorization
request.
6. The ReplySend AATV is invoked. The dynamic authorization request is sent to the
target host by the ReplySend AATV. Subsequently, the request waits for a
response. If the request times out, it is retransmitted based on the configured
retransmission interval and the maximum number of retransmissions.
7. If there is no response after the configured maximum number of retransmissions,
the SQL Access AATV is invoked. The SQL Access AATV executes
the SQL action set in the attribute Client-Request-Timeout-ActionId. This
SQL action will update the database row to indicate that the dynamic authorization
request timed out.
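
The database side of steps 2, 3, 6 and 7 can be modeled as a small state machine over the request table. The following is an added example, not HP-UX AAA Server code or configuration: the table `dynauth_queue`, its columns, the three SQL statements and the `send` callback are hypothetical, and the packet codes are the Disconnect-Request and CoA-Request values from RFC 5176. Rows left in the `timeout` state are the ones an operator needs to review, since the target host never acknowledged the disconnect or authorization change.

```python
import sqlite3

# RADIUS codes from RFC 5176 (the kind of value stored in Interlink-Packet-Code).
DISCONNECT_REQUEST, COA_REQUEST = 40, 43

# Hypothetical stand-ins for the SQL actions named by the three
# Client-Request-*-ActionId attributes; table and columns are assumptions.
CREATE_SQL = ("SELECT id, user_name, nas_ip, packet_code FROM dynauth_queue "
              "WHERE state = 'new' ORDER BY id LIMIT 1")
UPDATE_SQL = "UPDATE dynauth_queue SET state = 'processed' WHERE id = ? AND state = 'new'"
TIMEOUT_SQL = "UPDATE dynauth_queue SET state = 'timeout' WHERE id = ? AND state = 'processed'"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dynauth_queue (id INTEGER PRIMARY KEY, user_name TEXT, "
               "nas_ip TEXT, packet_code INTEGER, state TEXT DEFAULT 'new')")
    # Constructed sample rows.
    db.executemany(
        "INSERT INTO dynauth_queue (user_name, nas_ip, packet_code) VALUES (?, ?, ?)",
        [("alice", "192.0.2.10", DISCONNECT_REQUEST),
         ("bob", "192.0.2.20", COA_REQUEST)])
    return db

def run_loop(db, send, max_retransmissions=2):
    """Drain the table; send(request) returns True when the target host answers."""
    attempts = {}
    while True:
        row = db.execute(CREATE_SQL).fetchone()      # step 2: fill the empty request
        if row is None:
            return attempts                          # no unprocessed rows remain
        req = dict(zip(("id", "user_name", "nas_ip", "packet_code"), row))
        db.execute(UPDATE_SQL, (req["id"],))         # step 3: mark the row processed
        tries, answered = 0, False
        while tries <= max_retransmissions and not answered:
            tries += 1                               # step 6: send, then retransmit
            answered = send(req)
        attempts[req["id"]] = tries
        if not answered:
            db.execute(TIMEOUT_SQL, (req["id"],))    # step 7: record the timeout

def states(db):
    """Map each user to the final state of its request row."""
    return dict(db.execute("SELECT user_name, state FROM dynauth_queue"))
```
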
294 Configuring the HP-UX AAA Server for Dynamic Authorization