HP-UX AAA Server A.08.00.
Copyright © 2002–2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license required from HP for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
1 HP-UX AAA Server A.08.00.01 Release Notes

This document discusses the most recent product information on HP-UX AAA Server A.08.00.01. HP-UX AAA Server A.08.00.01 is supported on HP-UX 11i v2 (B.11.23) and HP-UX 11i v3 (B.11.31). This document addresses the following topics:
• “Product Overview”
• “What is New in This Version”
• “Obsolescence of Features and Their Replacements”
• “Fixes Included in the HP-UX AAA Server A.08.00.
• Scalability and High Availability: Supports running and managing a group of multiple HP-UX AAA Servers on a single host to process multiple RADIUS requests simultaneously to offer scalability and better performance. This feature also supports running and managing a group of multiple HP-UX AAA servers on different hosts to offer high availability.
• MS-CHAP v2 for OTP Authentication: MS-CHAP v2 module supports Open Authentication (OATH) standards-based One-Time Password (OTP) authentication.
• IPv6 Support: Supports RADIUS IPv6 attributes with HP-UX 11i v2 and HP-UX 11i v3 operating systems. This feature also supports RADIUS communication over IPv6 transports with HP-UX 11i v2 and HP-UX 11i v3 operating systems.
• SNMP Support: Effectively integrate and manage HP-UX AAA Servers with SNMP-compliant network management tools.
• LDAP Integration: Supports user profile storage and authentication using LDAP Version 3–compliant directories with request load balancing and failover.
Table 1-1 Supported IETF RFCs (continued)

RFC#   RFC Title
3162   RADIUS and IPv6
4186   EAP Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
4187   EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
4226   HOTP: An HMAC-Based One-Time Password Algorithm
4672   RADIUS Dynamic Authorization Client MIB
5176   Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)

What is New in This Version

HP-UX AAA Server ve
EAP-SIM and EAP-AKA authentication methods

HP-UX AAA Server A.08.00.01 supports the Extensible Authentication Protocol Subscriber Identity Module (EAP-SIM) as specified in RFC 4186 and Extensible Authentication Protocol Authentication Key Agreement (EAP-AKA) as specified in RFC 4187. EAP-SIM and EAP-AKA enable usage of mobile network authentication infrastructure for secure access to wireless LAN.
MS-CHAP v2 for OTP Authentication

HP-UX AAA Server A.08.00.01 supports MS-CHAP v2 for OTP authentication. OTP support for MS-CHAP v2 is compatible with RFC 4226.
tokens from multiple vendors. For more information on the OATH standards-based OTP authentication solution, see the HP-UX AAA Server A.08.00.01 Administrator’s Guide.

Fixes Included in the HP-UX AAA Server A.08.00.01

The following defect fixes are included in the A.08.00.01 release:

QuIX-PCT ID      Description
QXCR1000832156   Starting with the HP-UX AAA Server A.08.00.01 release, in any EAP method, reply attributes are not sent in the Access-Challenge messages.
the communication channel to the database broke, or if the database server restarted.

QXCR1000855732   Starting with the HP-UX AAA Server A.08.00.01 release, the HP-UX AAA Server processes the authentication requests successfully when an LDAP backend server is configured with Bind as the Authenticate configuration parameter. Prior to the HP-UX AAA Server A.08.00.
Known Problems

• Using the HP-UX AAA Server Manager, if you modify a realm whose User Profile Storage value is SQL Access and whose SQL Action Id value is more than 16 characters long, the HP-UX AAA Server Manager inserts a set of characters in the SQL Action Id string while saving the value in the /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile files. This problem occurs while changing the values of attributes other than the SQL Action Id, in the Modify screen.
NOTE: This problem occurs with the HP-UX AAA Server A.08.00.01 on HP 9000 systems running HP-UX 11i v2 with the PHSS_31849 (or later) patch only. HP 9000 systems running HP-UX 11i v3, and HP Integrity systems running HP-UX 11i v2 or HP-UX 11i v3 are not affected.

Workaround: Install PHSS_34858 (linker + fdp cumulative patch) on the HP 9000 system running HP-UX 11i v2, where the radiusd daemon is launched.
Known Limitations

• Using stored procedure output parameters with MySQL databases will result in NULL values for SQL Access output mappings. Input mappings can be processed normally with MySQL stored procedures.
  Workaround: Utilize direct SQL statements for SQL Actions requiring output data from MySQL databases.
• The HP-UX AAA Server does not recognize realm aliases for local realms configured with local user file storage.
  Workaround: Configure separate realms for each alias.
• The HP-UX AAA Server A.
Juniper Networks Odyssey Access Client Version 4.7

The following EAP methods are certified for the Juniper Networks Odyssey (formerly, Funk Software Odyssey) Access Client Version 4.7 supplicant with the HP-UX AAA Server A.08.00.01:
• EAP-TTLS (PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-MS-CHAP v2)
• EAP-TLS
• EAP-MD5
• PEAP (EAP-GTC, EAP-MS-CHAP v2)

The following EAP methods are certified for OATH standards-based OTP authentication with the Juniper Networks Odyssey Access Client Version 4.
Product Documentation

See the HP technical library at http://www.docs.hp.com for a list of the HP-UX AAA Server documentation. The documents listed in Table 1-3 are also installed with the HP-UX AAA Server.

Table 1-3 Documentation Installed with the HP-UX AAA Server

Document                Location
Text Release Notes      /opt/aaa/README
Administrator’s Guide   /opt/aaa/share/doc/admin.
System Resource Requirements

Following are the minimum system resources required to install and run HP-UX AAA Server A.08.00.01:
• Disk Space: 5 GB
• Memory: 128 MB

Product Requirements

Table 1-4 lists the product requirements for the HP-UX AAA Server A.08.00.01 on HP-UX 11i v2 and HP-UX 11i v3:

Table 1-4 Product Requirements

Product Requirements                HP-UX 11i v2 Version   HP-UX 11i v3 Version
HP-UX SDK for Java                  1.4.2.x or later       1.4.2.x or later
HP-UX Tomcat-based Servlet Engine   1.0.10.01 or later     B.5.
Web Browser Requirements

A Web browser is required to use the Server Manager interface to administer and configure the HP-UX AAA Servers. Following are the Web browser requirements for HP-UX AAA Server A.08.00.01:
• Use only the following web browsers with the HP-UX AAA Server A.08.00.01—known interoperability issues exist with other web browser versions:
  — Internet Explorer 6.0 or higher with Java 1.4.2.09 or higher
  — Mozilla 1.7.12 or higher with Java 1.4.
User Database Administration Manager Requirements

The User Database Administration Manager is designed to operate with the Apache Web Server, PHP5, PHP database abstraction layer (PEAR DB or PEAR MDB2), and Oracle or MySQL database clients. HP has certified the User Database Administration Manager with HP-UX Apache Web Server version 2.22 (32-bit) to work with the following database clients:

Table 1-7 User Database Administration Manager Requirements

Product                 Version
Oracle Install Client   10.2.0.