HP-UX AAA Server A.08.00.01 Administrator's Guide

Example 28-1 Example of a Pre-Paid Billing Application Using a Plug-in Created Using

the HP-UX AAA Server SDK

In this example, a service provider wants to implement a service where blocks of connect

time are purchased in advance. In addition to being authenticated, each user must be

authorized based on his or her account balance. Only those users with a positive balance

are granted network access and their session is limited to the time equivalent of their

balance at the time they are authenticated. Figure 28-1 (page 438) shows how the plug-in

works.

Figure 28-1 SDK Plug-in Example

Two tasks (AATVs) are identified to implement this service. You can create a single

software module with an AATV for both the tasks or you can create two software

modules with each containing a single AATV. The first task authenticates and authorizes

the user as a part of the RADIUS Access-Request process. This AATV performs the

following functions:

1. Retrieves the user credentials and account balance from a database

2. Authenticates the user based on the credentials

3. Authorizes the user if there is a positive account balance

4. Converts the account balance into the equivalent amount of connect time and

returns that time as a Session-Timeout Reply-Item

The second task is to update the user’s account balance based on the time used during

each user session. To work properly, this must be done in real-time. Therefore, the

database must be updated at the time the RADIUS Accounting-Stop is received. This

AATV performs the following tasks:

1. Converts the length of the user session into a dollar amount

2. Debits the user account by the computed value of the completed session

438 Customizing the HP-UX AAA Server Using the SDK