HP-UX AAA Server A.08.00.01 Administrator's Guide

Running the HP-UX AAA Server on Hosts with System Hardening Software
If you are setting up the HP-UX AAA Server on a system that is being hardened using
lock-down software such as Bastille, you must ensure that the ports used by the HP-UX
AAA Server are kept open. The following ports must be kept open if you are running
the HP-UX AAA Server:
• Port 1812 (RADIUS authentication port)
• Port 1813 (RADIUS accounting port)
• Port 8081 (port used by the Server Manager. Needed only if this host is going to run the Server Manager)
• Port 2099 (port used by the RMI server. Needed only if the HP-UX AAA Server on this host needs to be remotely managed from another host.)
• RMI Server ports listed in Table 3-3. By default, these ports change each time the RMI objects are started.
NOTE: These ports are default ports. However, you can configure these services to
use other ports.
If the HP-UX AAA Server on the host needs to be remotely managed from another
host, some additional ports must be opened. By default, these ports are chosen
randomly and change every time the RMI server is restarted. To make them
practical to open, assign them fixed values in
/opt/aaa/remotecontrol/rmiserver.properties. Table 3-3 lists the ports that must
be configured and opened for each remote management function you require.
Table 3-3 Ports Associated with RMI Objects that must be Configured

| Functionality | Port |
|---|---|
| If you are using the administrative functions | adm.server.port |
| If you are modifying, loading, or saving the configuration | conf.server.port, file.server.port |
| If you are using maintenance features such as accounting, logging, reporting, getting statistics, or session management | stat.server.port, acct.server.port, log.server.port, sess.server.port |
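
Added example (not from the HP guide): a POSIX sh check that reads the RMI port properties named in Table 3-3 and lists every port a remotely managed host must keep open, failing when a property is left unpinned. The key=value file syntax, the sample port numbers, and the function names prop_value and aaa_open_ports are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Real file per the guide: /opt/aaa/remotecontrol/rmiserver.properties
# Assumption: the file uses Java-style "key=value" lines with "#" or "!" comments.
RMI_KEYS="adm.server.port conf.server.port file.server.port stat.server.port
acct.server.port log.server.port sess.server.port"

# prop_value FILE KEY: print the last uncommented value of KEY (empty if unset).
prop_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#!]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { val = $2; gsub(/[ \t\r]/, "", val) }
        END { print val }' "$1"
}

# aaa_open_ports FILE [manager]: print "port<TAB>purpose" for every port a
# remotely managed host must keep open. Returns 1 if any RMI object port is
# not pinned to 1-65535, because an unpinned port changes on each restart.
aaa_open_ports() {
    rc=0
    printf '1812\tRADIUS authentication\n1813\tRADIUS accounting\n'
    printf '2099\tRMI server\n'
    [ "${2:-}" != manager ] || printf '8081\tServer Manager\n'
    for key in $RMI_KEYS; do
        port=$(prop_value "$1" "$key")
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "UNPINNED: $key" >&2; rc=1 ;;
            *) if [ "$port" -le 65535 ]; then printf '%s\t%s\n' "$port" "$key"
               else echo "UNPINNED: $key" >&2; rc=1; fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample: port numbers are illustrative, sess.server.port is left unset.
sample="${TMPDIR:-/tmp}/rmiserver.sample.$$"
cat > "$sample" <<'EOF'
adm.server.port=7001
conf.server.port = 7002
file.server.port=7003
stat.server.port=7004
acct.server.port=7005
log.server.port=7006
#sess.server.port=7007
EOF
aaa_open_ports "$sample" manager || echo "Pin the keys reported above, then re-run."
rm -f "$sample"
```

Pass "manager" as the second argument only on a host that runs the Server Manager, so port 8081 is listed only where the guide says it is needed.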
Running the HP-UX AAA Server as a Non-Root User
Some organizations require network server processes to run as a non-root user.
Complete the following steps to run the AAA server as a non-root user:
1. Log in to the system as the root user.
2. Add the user name www to the aaa group.
3. Use the following command to start the RMI objects as the aaa user: