HP-UX AAA Server A.08.
Copyright © 2002–2010 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license required from HP for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents

1 HP-UX AAA Server A.08.01 Release Notes
    Product Overview
    Product Features
    What is New in This Version

List of Tables

1-1 Supported IETF RFCs
1-2 Certified Hard Tokens and their Vendors
1-3 Documentation Installed with the HP-UX AAA Server
1-4 Product Requirements
1-5 Patch Requirements
1 HP-UX AAA Server A.08.01 Release Notes

This document discusses the most recent product information on HP-UX AAA Server A.08.01. HP-UX AAA Server A.08.01 is supported on HP-UX 11i v2 (B.11.23) and HP-UX 11i v3 (B.11.31).

This document addresses the following topics:
• “Product Overview” (page 5)
• “What is New in This Version” (page 8)
• “Fixes Included in the HP-UX AAA Server A.08.01” (page 9)
• “Known Problems and Limitations in HP-UX AAA Server A.08.
using Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM) as specified in RFC 4186 and using Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA) as specified in RFC 4187 in a 3rd Generation Partnership Project (3GPP) network environment.
• IP Address Management: DHCP interface for centralized administration of IP address assignment.
• IPv6 Support: Supports RADIUS IPv6 attributes on the HP-UX 11i v2 and HP-UX 11i v3 operating systems. This feature also supports RADIUS communication over IPv6 transports on HP-UX 11i v2 and HP-UX 11i v3.
• SNMP Support: Effectively integrate and manage HP-UX AAA Servers with SNMP-compliant network management tools.
Table 1-1 Supported IETF RFCs (continued)

RFC#  RFC Title
2868  RADIUS Attributes for Tunnel Protocol Support
2869  RADIUS Extensions
3162  RADIUS and IPv6
4186  EAP Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
4187  EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
4226  HOTP: An HMAC-Based One-Time Password Algorithm
4672  RADIUS Dynamic Authorization Client MIB
5176  Dynamic Authorization Extensions to Remote Authentication
The following log levels are supported:
• Default
• Low
• Suppress

For detailed information about log-level filters, see the Starting HP-UX AAA Servers From the Command Line section in the HP-UX AAA Server A.08.01 Administrator’s Guide.

Arithmetic Expressions

HP-UX AAA Server A.08.01 supports arithmetic expressions for integers in policy files.
the proxy egress policy gets executed for the forwarded accounting requests. Prior to the HP-UX AAA Server A.08.01 release, when the HP-UX AAA Server was configured using policies and a realm was configured to proxy requests to a remote RADIUS server, the proxy egress policy was not executed for the forwarded accounting requests.

QXCR1000906211
Starting with the HP-UX AAA Server A.08.01 release, HP-UX AAA Server works fine if the /etc/opt/aaa/radius.
corresponding handle is not freed. Because handles are not freed, once all 256 SQL handles are in use, the multi-row SQL Action fails with the error message: No free slot found for SQL stmt handle.

QXCR1000960884
Starting with the HP-UX AAA Server A.08.01 release, the HP-UX AAA Server accepts requests with an Event-Timestamp value between (current time - event_timestamp_window) and (current time + event_timestamp_window). Prior to the HP-UX AAA Server A.08.
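The Event-Timestamp acceptance window described above can be sketched as follows. This is an added example, not HP-UX AAA Server code: the function names are hypothetical, the window is assumed to be in seconds, and a request without Event-Timestamp is assumed to be accepted (the release notes do not say). Attribute type 55 and its 4-byte encoding come from RFC 2869.

```python
import struct

EVENT_TIMESTAMP = 55  # RADIUS attribute type for Event-Timestamp (RFC 2869)


def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute in a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len


def event_timestamp_ok(packet: bytes, now: int, window: int) -> bool:
    """True if Event-Timestamp lies in [now - window, now + window]."""
    for a_type, value in iter_attributes(packet):
        if a_type == EVENT_TIMESTAMP:
            if len(value) != 4:  # must be a 32-bit count of seconds
                return False
            (ts,) = struct.unpack("!I", value)
            return now - window <= ts <= now + window
    return True  # assumption: requests without the attribute are accepted


def build_accounting_request(ts: int) -> bytes:
    """Constructed sample: Accounting-Request carrying only Event-Timestamp."""
    attr = bytes([EVENT_TIMESTAMP, 6]) + struct.pack("!I", ts)
    return struct.pack("!BBH", 4, 1, 20 + len(attr)) + bytes(16) + attr


if __name__ == "__main__":
    now, window = 1_700_000_000, 300  # constructed values
    for skew in (-301, -300, 0, 300, 301):
        pkt = build_accounting_request(now + skew)
        print(skew, event_timestamp_ok(pkt, now, window))
```

A request stamped too far in the future is rejected as well as one that is too old, which limits replay of captured requests and also surfaces clock drift between the client and the server.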
QXCR1000921014
Starting with the HP-UX AAA Server A.08.01 release, the HP-UX AAA Server handles incorrect responses for requests forwarded to remote AAA Servers. Prior to the HP-UX AAA Server A.08.01 release, the proxy HP-UX AAA Server incorrectly forwarded an Access-Accept to the client when it received an Accounting-Response from a remote AAA Server in response to an Access-Request.

QXCR1000924913
Starting with HP-UX AAA Server A.08.
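For the QXCR1000921014 fix above, one way a proxy can validate a reply from a remote server before acting on it. This is an added example, not HP-UX AAA Server code: the function names and sample secret are hypothetical, and it goes beyond the release note by also checking the Identifier and the Response Authenticator as defined in RFC 2865 and RFC 2866.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE, ACCESS_CHALLENGE = 4, 5, 11

# Reply codes that are legal answers to each request code.
VALID_REPLIES = {
    ACCESS_REQUEST: {ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE},
    ACCOUNTING_REQUEST: {ACCOUNTING_RESPONSE},
}


def check_reply(request: bytes, reply: bytes, secret: bytes) -> str:
    """Return "ok", or the reason the proxy should discard the reply."""
    if len(request) < 20 or len(reply) < 20:
        return "short packet"
    (length,) = struct.unpack("!H", reply[2:4])
    if not 20 <= length <= len(reply):
        return "bad length"
    reply = reply[:length]  # octets past Length are padding
    if reply[1] != request[1]:
        return "identifier mismatch"
    if reply[0] not in VALID_REPLIES.get(request[0], set()):
        return "reply code not valid for request code"
    # MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    expected = hashlib.md5(
        reply[:4] + request[4:20] + reply[20:] + secret
    ).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad response authenticator"
    return "ok"


def make_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed helper: build a correctly signed reply for the demo."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs


# Constructed sample: an Access-Request with identifier 7 and no attributes.
SAMPLE_SECRET = b"constructed-secret"
SAMPLE_REQUEST = struct.pack("!BBH", ACCESS_REQUEST, 7, 20) + bytes(range(16))

if __name__ == "__main__":
    for code in (ACCESS_ACCEPT, ACCOUNTING_RESPONSE):
        reply = make_reply(code, SAMPLE_REQUEST, SAMPLE_SECRET)
        print(code, check_reply(SAMPLE_REQUEST, reply, SAMPLE_SECRET))
```

The Accounting-Response in the demo is correctly signed with the shared secret, so only the code check rejects it, which is the case the fix addresses.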
only if the HP-UX AAA Server is operational and invoked from a host that is registered as a client to the HP-UX AAA Server.
• HP-UX AAA Server is upgraded to use OpenSSL 0.9.8 libraries. This has resulted in performance degradation with EAP methods on the PA platform.
  Workaround: None. If you encounter this problem, contact HP support personnel.
• The HP-UX AAA Server Manager pages that use applets throw a Java NullPointerException when any browser with Java 1.6.0_12 or higher is used.
  Workaround 2: Install the PHCO_35997 pthread library patch on HP 9000 systems running HP-UX 11i v2, or PHCO_37477 on HP 9000 systems running HP-UX 11i v3. These patches are available at: http://itrc.hp.com
• The HP-UX AAA Server leaks memory when the SQL Access feature uses the MySQL Unix ODBC/MySQL client to interact with a MySQL database.
  NOTE: This problem occurs with the HP-UX AAA Server A.08.00.01 on HP 9000 systems running HP-UX 11i v2 with the PHSS_31849 (or later) patch only.
Cisco Secure Services Client Version 5.0

The following EAP methods are certified for the Cisco Secure Services Client (formerly, Meetinghouse AEGIS SecureConnect) Version 5 supplicant with HP-UX AAA Server A.08.01:
• EAP-TTLS (PAP, CHAP, MS-CHAP, MS-CHAP v2, EAP-MD5, EAP-MS-CHAP v2)
• EAP-TLS
• PEAP (EAP-GTC, EAP-MS-CHAP v2)

The following EAP methods are certified for OATH standards-based OTP authentication with the Cisco Secure Services Client Version 5.
Hard Tokens

The following table lists the hard tokens that are certified for OATH standards-based OTP authentication:

Table 1-2 Certified Hard Tokens and their Vendors

Hard Token           Vendor Name
A-Key® 3600 Token    Authenex
Protiva™ 350 Device  Gemalto
DIGIPASS® GO 3       Vasco

Software (Soft Token)

The MobileID v4.50 software, by PortWise, is certified for OATH standards-based OTP authentication.

Product Documentation

See the HP technical library at http://www.docs.hp.
The Secure LAN Advisor is informational only; it does not edit configuration files. Follow the Secure LAN Advisor and use the Server Manager to create and deploy basic AAA configurations for securing LANs and WLANs. See the HP-UX AAA Server A.08.01 Administrator’s Guide on http://docs.hp.com for more information.

Installation Corequisites

This section lists the HP-UX AAA Server A.08.
NOTE: HP-UX Tomcat-based Servlet Engine hpuxws22TOMCAT is a component of HP-UX Web Server Suite on HP-UX 11i v2 and HP-UX 11i v3.

Patch Requirements

Table 1-5 lists the patch requirements for the HP-UX AAA Server A.08.01 on HP-UX 11i v2 and HP-UX 11i v3.
NOTE: HP recommends the Netscape/Red Hat Directory Server for environments requiring high performance and availability.

SQL Access Requirements

The HP-UX AAA Server A.08.01 is designed to interoperate with Oracle OCI and ODBC-compliant database clients/drivers. The database client/driver products are not included with the HP-UX AAA Server and must be acquired and installed separately. In addition, the HP-UX AAA Server provides connectors for the client/driver products.