HP-UX AAA Server A.08.01 administrator's guide (T1428-90072, May 2010)
Table Of Contents
- HP-UX AAA Server A.08.01 administrator’s guide
- Table of Contents
- About This Document
- Part I Introduction
- 1 Overview: The HP-UX AAA Server
- 2 Upgrading to Version A.08.01
- 3 Installing and Securing the HP-UX AAA Server
- Acquiring the HP-UX AAA Server Software
- Installing and Uninstalling the HP-UX AAA Server
- HP-UX AAA Server File Locations
- Securing the HP-UX AAA Server
- Changing the Default HP-UX AAA Server Settings
- Environment Specific Security Procedures
- Using Secure Socket Layer (SSL) for Secured Remote Server Manager Administration
- Creating a Tomcat Identity Specifically for the HP-UX AAA Server
- Running the HP-UX AAA Server on Hosts with System Hardening Software
- Running the HP-UX AAA Server as a Non-Root User
- Setting Up the HP-UX AAA Server to Start as Non-Root User After Reboot
- 4 Enabling the HP-UX AAA Server for GUI-based Administration
- Part II Configuring the HP-UX AAA Server Manager Using the Server Manager GUI
- 5 The HP-UX AAA Server Manager Interface
- 6 Managing HP-UX AAA Servers
- 7 Configuring RADIUS Clients Using the Access Devices Screen
- 8 Configuring Realms
- 9 Configuring Proxies
- 10 Configuring Users
- 11 Modifying Server Properties
- Navigating the Server Properties Screen
- DHCP Relay Properties
- DNS Updates Properties
- Message Handling Properties
- SNMP Properties
- Tunneling Properties
- Certificate Properties
- File Size Properties
- Miscellaneous Properties
- Local Users File Properties
- ProLDAP Properties
- AAA Server As A Client Properties
- Client Action Properties
- 12 Logging and Monitoring
- Overview
- Server Log Files
- Accounting Log Files
- Using Server Manager to Retrieve Accounting Logfiles
- Format of Accounting Records in the Default Merit Style
- Writing Livingston CDR Accounting Records
- Changing the Accounting Log Filename
- Changing the Accounting Log Rollover Interval
- Rolling Over the Log File and Accounting Stream and Setting the Log Level
- Part III Advanced Configuration Information
- 13 Securing LAN Access With EAP
- 14 Managing Sessions
- 15 Assigning IP Addresses
- 16 OATH Standards-Based OTP Authentication
- OTP and OATH Overview
- HP-UX AAA Server and OATH Support
- Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP v2
- Components Required to Configure OTP Authentication
- Configuring OTP Authentication on the HP-UX AAA Server
- OTP Authentication Configuration Flowchart
- Basic or Typical Configuration
- Advanced Configuration
- Predefined Mapping and Conversion Functions
- Sample Configuration Files
- 17 Configuring EAP-SIM and EAP-AKA Authentication Methods
- EAP-SIM
- EAP-AKA
- Fast Re-Authentication
- Pseudonym Identities
- Generating Authentication Vectors Using A3, A8, and AKA Algorithms
- 18 Configuring HP-UX AAA Server for Scalability and High-Availability
- Overview
- Scalability and High-Availability Concepts
- HP-UX AAA Server Deployment for Scalability and High-Availability
- Managing Multiple HP-UX AAA Servers For Scalability and High-Availability
- Disaster Recovery of the HP-UX AAA Server Manager
- 19 Configuring the HP-UX AAA Server for Client Functionality
- 20 Configuring the HP-UX AAA Server for Dynamic Authorization
- Dynamic Authorization Overview
- HP-UX AAA Server and Dynamic Authorization
- Processing of Dynamic Authorization Requests
- Configuring for Dynamic Authorization
- Basic Configuration
- Advanced Configuration
- Sample Configuration Files
- Part IV Integrating the HP-UX AAA Server With External Services
- 21 LDAP Authentication
- 22 SQL Access
- SQL Access Overview
- Implementing SQL Access
- Administering Users and Tokens Stored in an SQL Database
- Multi-Row Support For SQL Access
- 23 Simple Network Management Protocol (SNMP) Support
- 24 VPN Tunneling
- 25 Using DHCP
- Part V Customizing the HP-UX AAA Server
- 26 Customizing the HP-UX AAA Server Using the Finite State Machine
- 27 Customizing the HP-UX AAA Server Using Policies
- 28 Customizing the HP-UX AAA Server Using the SDK
- Part VI Troubleshooting
- 29 Troubleshooting Overview
- 30 Troubleshooting Procedures
- Troubleshooting Flowchart
- Troubleshooting the Server Manager Administration Utility
- Troubleshooting the HP-UX AAA Server
- 31 Troubleshooting Resources
- 32 Reporting Problems
- Part VII Reference
- 33 Configuration Files
- HUP Processing
- The aaa.config File
- Variables in the aaa.config File
- The strict_duplicate_check Variable
- The aatv.ProLDAP Property
- The iaaa.SNMP Property
- The log_threshold_limit and suppression_interval Variables
- The list_copy_limit Variable
- The localUsersFile.FilterType Property
- The default_users_file_cis_search Property
- The log_forwarding Variable
- The log_generated_request Variable
- The ourhostname Variable
- The packet_log Variable
- The radius_log_fmt Variable
- The reply_check Variable
- OTP Authentication-Related Configuration Items
- Dynamic Authorization-Related Configuration Items
- Variables in the aaa.config File
- The clients File
- The users File
- The dictionary File
- The las.conf File
- The vendors File
- The log.config File
- 34 Attribute-Value Pairs
- 35 MIB Objects
- 33 Configuration Files
- A Supported IETF RFCs
- B Supported Authentication Methods
- C RADIUS Data Packets
- D Header Files, Data Structures, and APIs in the HP-UX AAA Server SDK
- E Syntax of the Decision Files in Earlier Versions of the HP-UX AAA Server
- Glossary of Terms
- Index
The Secure LAN Advisor.......................................................................................159
Preparing Your LAN ...................................................................................................160
Determining the EAP Authentication Method to Use................................................161
Securing WLANs with the HP-UX AAA Server.........................................................164
Digital Certificate Administration...............................................................................164
Using the “Self-Signed” Digital Certificates..........................................................165
Installing Your Own Digital Certificates and Keys................................................166
Installing Server Certificates and Keys.............................................................166
Installing Client Certificates and Keys.............................................................167
Defining Certificate Locations on the HP-UX AAA Server..............................167
14 Managing Sessions.........................................................................................................169
Session Logs.................................................................................................................169
Displaying Session Attributes................................................................................169
Stopping a Session..................................................................................................170
Session Limits..............................................................................................................170
Setting Limits on a User-by-User Basis..................................................................171
Setting Timeout Values.....................................................................................171
Establishing a Filter...........................................................................................171
Limiting Access Points (NAS-Port, NAS-ID, Calling-Station ID, and
others)...............................................................................................................171
Denying Access (Called-Station-ID and others)...............................................172
Limiting Simultaneous Sessions.......................................................................172
Setting Limits for Users on a Global Basis.............................................................173
Setting Limits for All User Profiles Grouped by Realms.................................173
15 Assigning IP Addresses....................................................................................................174
Assigning Static IP Addresses.....................................................................................174
To Assign a Static IP (IPv4) Address to a Profile in Flat Files................................174
To Assign a Static IPv6 Address to a Profile in Flat Files......................................175
To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP
LDIF File.................................................................................................................177
To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File.............178
Assigning Dynamic IP Addresses Using DHCP.........................................................178
16 OATH Standards-Based OTP Authentication.......................................................................179
OTP and OATH Overview..........................................................................................179
HP-UX AAA Server and OATH Support....................................................................180
Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP
v2.................................................................................................................................182
Components Required to Configure OTP Authentication..........................................182
Configuring OTP Authentication on the HP-UX AAA Server ..................................183
OTP Authentication Configuration Flowchart......................................................183
Basic or Typical Configuration...............................................................................186
Advanced Configuration........................................................................................187
Advanced OTP Authentication Configuration Concepts.................................187
Table of Contents 7