Manualshelf

HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
441442443444445446447448449450
The ACE AATV
The ACE AATV is a sample challenge-response authentication AATV. At a high level,
this plug-in performs the following functions:
1. Checks that the User-Id A-V pair is present in the request. If it is not present, an
error is returned.
2. If the User-Id A-V pair is present, then it checks whether the State A-V pair is
present. If the State A-V pair is present, it proceeds to step 3.
If it is not present, it creates a State A-V pair with the User-Id value and appends
a string .pw to it, and inserts the State A-V pair into the REPLY queue. A
Reply-Message A-V pair is created with a challenge string that prompts the user
to enter a challenge response.
NOTE: In this sample AATV, the State A-V pair contains the password.
However, it can also contain a pointer to a password, or a session table.
3. If the State A-V pair is present, it checks the user's challenge response against
the value in the State A-V pair. If the values match, the user is authenticated. If
the values do not match, the connection is terminated.
For more information on the ACE AATV, see the README located at /opt/aaa/
examples/sdk/ace/README.
The checkCSI AATV
The checkCSI AATV is typically used for preprocessing RADIUS Access-Requests.
This AATV enables the HP-UX AAA Server to authenticate the user based on
Calling-Station-Id instead of User-Name. For more information on the checkCSI
AATV, see the README file located at /opt/aaa/examples/sdk/csi/README.
Using AATVs to Create a Plug-in
You can create a plug-in using one of the sample plug-ins as a base. The procedure and
the example described in this section use the checkCSI.c to create a plug-in.
To create a plug-in using the checkCSI.c file, complete the following steps:
1. Rename the checkCSI.c file and open it for editing.
2. Add the function prototype for the action function. For example,
static int checkCSI (AUTH_REQ * authreq, int Value, const char * checkString);
where:
The Value parameter is the Xvalue from the fsm file
The checkString parameter is the Xstring from the fsm file
442 Customizing the HP-UX AAA Server Using the SDK