HP-UX AAA Server A.08.00.01 Administrator's Guide
a local realm configured in the las.conf file, the LAS module performs the
following actions:
• Checks the user profile for a Simultaneous-Session attribute-value pair, which
determines the maximum number of active sessions the user can have. Default
value is 1.
• Authorizes or denies service based on Service-Class.
The POSTLAS action performs Simultaneous Access Token (SAT) control, which
is used to implement realm-based simultaneous session control.
NOTE: HP recommends that you do not enable local session tracking for any realms
that use session management via SQL Access.
7. Reply items refer to the generation of an Access-Accept or Access-Reject message
by the ReplyPrep action. By adding reply items to a user's profile or through
policy decisions, ReplyPrep can provide a NAS with provisioning information
in an Access-Accept data packet. Depending on the capabilities of the NAS, the
reply items can be used to control a user's session. For example, the following user
entry limits the length of the session and the hosts that can be accessed:
guest@library.org Password = "public"
    Filter = "library",
    Session-Timeout = 3600
Users can authenticate as guest@example.org using the password public to
connect for one hour (3600 seconds) to the library hosts that the filter library
allows.
The ReplyPrep action also checks for a Service-Type value, equates the value
with user entries, and then appends reply items to the request accordingly. The
attribute values for these items specify the default values to use when configuring
the connection specified by Service-Type. The special user entries are not used for
authentication; the reply items for one of these entries are appended to a request
from any user requesting the corresponding service type. If duplicate A-V pairs
exist, pruning is applied to determine the A-V pair that must be included in the
Access-Accept or Access-Reject message.
8. The HP-UX AAA Server evaluates the reply-egress policy just before the RADIUS
reply message is created and sent. The reply-egress policy can be used to alter the
request in one of the following ways:
• A-V pairs may be added, modified, or removed
• The reply type may be modified
• The request may be dropped entirely and no reply is sent.
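The following is an added example, not part of the HP guide or the HP-UX AAA Server code: a Python audit that parses user entries laid out like the one in step 7 and reports profiles whose reply items do not bound the session. It assumes the first line of an entry holds the user name and check items and that indented lines hold comma-separated reply items; the sample entries, the audit function, and the 86400-second ceiling are constructed for illustration.

```python
import re

# Constructed sample in the layout of the step 7 entry (assumed format:
# first line = user name plus check items, indented lines = reply items).
SAMPLE_USERS = '''\
guest@library.org Password = "public"
    Filter = "library",
    Session-Timeout = 3600

kiosk@library.org Password = "kiosk-constructed"
    Filter = "library"

staff@library.org Password = "staff-constructed"
    Session-Timeout = 28800
'''

AV_PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {"check": {...}, "reply": {...}}} from users-file text."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():              # continuation line: reply items
            if current is None:
                raise ValueError("reply items before any user entry")
            target = users[current]["reply"]
        else:                              # new entry: name, then check items
            current, line = re.match(r'(\S+)\s*(.*)', line).groups()
            users[current] = {"check": {}, "reply": {}}
            target = users[current]["check"]
        for name, value in AV_PAIR.findall(line):
            target[name] = value.strip('"')
    return users

def audit(users, max_timeout=86400, required=("Filter", "Session-Timeout")):
    """List entries whose reply items do not bound the session (hypothetical policy)."""
    findings = []
    for user, entry in users.items():
        reply = entry["reply"]
        findings += [(user, "missing " + a) for a in required if a not in reply]
        timeout = reply.get("Session-Timeout")
        if timeout is not None and not (timeout.isdigit() and 0 < int(timeout) <= max_timeout):
            findings.append((user, "Session-Timeout out of range"))
    return findings

if __name__ == "__main__":
    for user, problem in audit(parse_users(SAMPLE_USERS)):
        print(f"{user}: {problem}")
```

Whether a NAS enforces Filter or Session-Timeout depends on its capabilities, as step 7 notes, so a clean audit result only shows that the profile requests the limits.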
46 Overview: The HP-UX AAA Server