Manualshelf

HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
531532533534535536537538539540
34 Attribute-Value Pairs
The RADIUS protocol defines things in terms of attributes. Each attribute may take on
one of a set of values. When a RADIUS packet is exchanged among clients and servers,
one or more attributes and values are sent pairwise as an Attribute-Value pair (A-V
pair). For the HP-UX AAA Server software, all valid attributes and values are listed in
the dictionary file.
This chapter organizes the attributes by the information and data that they contain and
the functions they perform, including the following:
Check and deny items to define simple policy for authorization
Reply items to configure the users session for authorization
Accounting attributes that stores usage information in logged accounting records
Configuration attributes that are used in a user profile to implement built-in HP-UX
AAA Server features.
Session attributes that appear in the HP-UX AAA Server binary session files.
Specifying Attribute-Value Pairs
Attribute names and their enumerated value names are defined in the dictionary file.
When specifying attribute values in configuration files, you must have a space before
the equal to (=) or not equal to (!=) operator. A list of A-V pairs may be delimited by
commas, white space, or both.
Attribute-Value Formats
The attribute values (to the right of the equal sign) can take on any of the supported,
legal values described in the dictionary file. The attributes and their corresponding
values are defined to be one of the following types: IP address, ipv6prefix, ipv6addr,
ifid, string, vendor, tag string, tag integer, date, integer, string, octet, and short values.
The string values must be surrounded by the double quote ('"') character if they
contain spaces; otherwise, the quotation marks are optional. These values are
limited to a maximum of 253 characters.
LDAP policy and decision files cannot handle tag string and tag integer values
The IPv4 address values can use the common dotted-quad notation.
The IPv6 address values can use the colon or double-colon (::) notation.
The date values follow the format of three character month abbreviation (e.g., Jan,
Feb, Mar, etc.), followed by the day, followed the year expressed as four digits
(e.g., 1998). Each field must be delimited by a space or hyphen (e.g., Jan 8 2002,
Jan-21-2002, etc.)
A-V pair lists must be delimited by white space. For readability you may use both
a comma and white space as a delimiter.
Specifying Attribute-Value Pairs 537