HP-UX AAA Server A.08.02 Administrator's Guide
Contents
13 Securing LAN Access With EAP  112
Overview  112
The Secure LAN Advisor  112
Preparing Your LAN  113
Determining the EAP Authentication Method to Use  113
Securing WLANs with the HP-UX AAA Server  115
Digital Certificate Administration  115
Using the “Self-Signed” Digital Certificates  116
Installing Your Own Digital Certificates and Keys  116
Installing Server Certificates and Keys  117
Installing Client Certificates and Keys  117
Defining Certificate Locations on the HP-UX AAA Server  117
14 Managing Sessions  119
Session Logs  119
Displaying Session Attributes  119
Stopping a Session  120
Session Limits  120
Setting Limits on a User-by-User Basis  120
Setting Timeout Values  120
Establishing a Filter  120
Limiting Access Points (NAS-Port, NAS-ID, Calling-Station ID, and others)  121
Denying Access (Called-Station-ID and others)  121
Limiting Simultaneous Sessions  121
Setting Limits for Users on a Global Basis  122
Setting Limits for All User Profiles Grouped by Realms  122
15 Assigning IP Addresses  123
Assigning Static IP Addresses  123
To Assign a Static IP (IPv4) Address to a Profile in Flat Files  123
To Assign a Static IPv6 Address to a Profile in Flat Files  124
To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP LDIF File  125
To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File  125
Assigning Dynamic IP Addresses Using DHCP  126
16 OATH Standards-Based OTP Authentication  127
OTP and OATH Overview  127
HP-UX AAA Server and OATH Support  128
Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP v2  129
Components Required to Configure OTP Authentication  130
Configuring OTP Authentication on the HP-UX AAA Server  130
OTP Authentication Configuration Flowchart  130
Basic or Typical Configuration  133
Advanced Configuration  134
Advanced OTP Authentication Configuration Concepts  134
Attributes for Configuring OTP Authentication  137
Advanced Deployment Scenarios  142
Validating OTP Alone  142
Configuring Two-Factor Authentication  144
OTP or Password Validation at External RADIUS Server  150
Predefined Mapping and Conversion Functions  155
Sample Configuration Files  156
The sqlaccess.config Sample File  156