HP-UX AAA Server A.08.00.01 Administrator's Guide
Figure 20-4 Multiple HP-UX AAA Servers in a Group for Dynamic Authorization
In Figure 20-4, sessions in the database that must either be disconnected or changed
are distributed among the live HP-UX AAA Servers within the group. Each HP-UX
AAA Server within the group subsequently initiates Disconnect or CoA message
exchanges with the authenticator for the sessions assigned to it.
The requirement to distribute Disconnect and CoA messages is met as follows:
• In the default reference implementation, the session status is always prefixed with
the server name to ensure that the sessions created by a particular HP-UX AAA
Server are processed only by that HP-UX AAA Server. However, when an HP-UX
AAA Server belongs to a group, sessions created by the HP-UX AAA Server can
be processed by any other HP-UX AAA Server in the same group. Therefore, the
group name must be prefixed to the session status, and the initial status must be
<groupname>_ACTIVE.
• The live HP-UX AAA Servers must be easy to identify at any point in time. For
this purpose, a new database table, called RAD_SERVER_TABLE, is included. This
table includes two columns: server_name and update_time. The value of the
server_name column is <groupname>_<server_name>. All the HP-UX AAA
Servers include a TimedEvent SQLAction, which periodically updates the
update_time in this table. The list of HP-UX AAA Servers that are live can be
determined from this table by checking the update_time. A stored procedure,
called update_server_table, is used to update the RAD_SERVER_TABLE.
• The stored procedures, distribute_disconnect_sessions and
distribute_coa_sessions, are used to distribute the sessions. These stored
300 Configuring the HP-UX AAA Server for Dynamic Authorization
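
The liveness check and session hand-out described in the list above can be modelled as follows. This is an added example, not HP's stored procedures or code from the guide. It assumes SQLite in place of the server's database, a 60-second liveness window, and a round-robin policy; the function names heartbeat, live_servers and distribute are hypothetical.

```python
import sqlite3

STALE_AFTER = 60  # seconds; assumed liveness window, not a value from the guide

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE RAD_SERVER_TABLE ("
               "server_name TEXT PRIMARY KEY, update_time INTEGER NOT NULL)")
    return db

def heartbeat(db, group, server, now):
    """Stand-in for the periodic update of update_time by each server."""
    db.execute("INSERT OR REPLACE INTO RAD_SERVER_TABLE VALUES (?, ?)",
               (f"{group}_{server}", now))

def live_servers(db, group, now):
    """Servers of `group` whose update_time is within the liveness window."""
    prefix = group + "_"
    # Exact prefix compare: in LIKE, '_' is a wildcard, so 'east_%' would
    # also match servers of a group named 'east1'.
    rows = db.execute(
        "SELECT server_name FROM RAD_SERVER_TABLE "
        "WHERE substr(server_name, 1, ?) = ? AND update_time >= ? "
        "ORDER BY server_name",
        (len(prefix), prefix, now - STALE_AFTER))
    return [r[0] for r in rows]

def distribute(db, group, session_ids, now):
    """Round-robin the pending sessions over the live servers (assumed policy)."""
    servers = live_servers(db, group, now)
    plan = {s: [] for s in servers}
    for i, sid in enumerate(sorted(session_ids)):
        if servers:
            plan[servers[i % len(servers)]].append(sid)
    return plan

def demo():
    db = open_db()
    # Constructed sample data: three servers in 'east', one in 'east1'.
    heartbeat(db, "east", "aaa1", now=1000)
    heartbeat(db, "east", "aaa2", now=1000)
    heartbeat(db, "east", "aaa3", now=900)    # stale: last update 100 s ago
    heartbeat(db, "east1", "aaa9", now=1000)  # different group
    return distribute(db, "east", ["s1", "s2", "s3", "s4", "s5"], now=1000)

if __name__ == "__main__":
    print(demo())
```

When no server in the group has a fresh update_time, the plan is empty and the pending Disconnect or CoA sessions stay unassigned, which is a condition worth monitoring.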