HP-UX AAA Server A.08.00.01 Administrator's Guide

Table C-1 RADIUS Request/Reply Message Format Description (continued)

DescriptionData

authenticator value. Value in reply is MD5 digest of reply message data

appended with secret, using authenticator value from request.

Arbitrary numbers of information pairs with format shown in Figure C-2.Attributes

Attribute-Value Pair Format

An attribute-value (A-V) pair represents a variable and one of the possible values that

the variable can hold. The A-V pair data format is depicted in Figure C-2. In the HP-UX

AAA server, A-V pairs may be added to configuration files to compare values when

trying to authenticate an Access-Request (check items) or to add authorization

instructions or other messages to an Access-Accept data packet (reply items). These

A-V pair’s values will also appear in server session logs. The A-V pairs usually appear

as AttributeName=Value in the configuration files and AttributeName=:Type:Value in

the log files.

Figure C-2 Attribute-Value Pair Format

Table C-2 Attribute Value Pair Format Description

DescriptionData

8-bit value-pair code, listed in the dictionary fileattribute

8-bit integer from 2-255length

0 - 253 octet information item. (The data type of value is determined by the

data type associated with the attribute code.)

value

As shown in Figure C-2, the Access-Request contains a set of attribute-value pairs. The

A-V pairs typically placed in these requests are the User-Name and User-Password,

along with the NAS-IP-Address, NAS-Port, Service-Type, and Framed-Protocol A-V

pairs-Framed-Protocol being present only if the user is making a PPP or SLIP connection.

Only a few attributes, such as User-Password and CHAP-Password, are encrypted.

(For a full description of RADIUS attribute-value pairs, see Chapter 34: “Attribute-Value

Pairs” (page 537).

Data Packet Format 569