HP-UX AAA Server A.08.00.01 Administrator's Guide
The value of defserver connection means to report only from the original request. The
value of +abort means to abort and core-dump if there is a mismatch.
The radius_log_fmt Variable
This variable overrides the logfile format string used.
The reply_check Variable
This variable specifies which attributes to check on a reply from a forwarded request
to ensure that they are the same as the forwarded request. Besides specifying which
attributes to check, you can specify the action to take when a mismatch occurs. Listed
below are the actions you can choose to take:
• Ignore the reply
• Ignore the mismatch
• Abort and core dump
Useful attributes to check are NAS-Identifier, Acct-Session-Id, Class, User-Name. For
example:
reply_check=first
reply_check=all
reply_check=+abort
reply_check=+dump
reply_check=+ignore
reply_check=+verbose
reply_check=clear
reply_check=none
reply_check=Attribute
The value of first (default) means to check only the first match. The value of all
means to check all the attributes for matches. The value of +abort means to abort and
coredump if a check fails. The value of +dump means to dump the offending packet
(in hexadecimal). You can specify a specific attribute to check with the syntax
reply_check=Attribute.
NOTE: This feature may not work well in situations where the HP-UX AAA Server
is communicating with non-HP servers.
OTP Authentication-Related Configuration Items
The following OTP authentication related configuration items can be set in the
aaa.config file:
• otp_token_length <6–8>
• otp_lookup_window <0 -any positive integer>
• otp_token_lock_counter <1-any positive integer>
• otp_add_checksum <yes or no>
The aaa.config File 515