HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

171

172

173

174

175

176

177

178

179

180

Table 44 EAP.authfile Configuration Parameters (continued)

DescriptionParameter

AKA mode is the user authentication management field,

which is often referred to as AMF. It is an input to the

AKA-Mode

functions f1 and f1*. For more information, see 3GPP

documents.

The value of the AKA mode parameter is a 16-bit binary

string entered as 0x, followed by two 2–digit hex values.

The dots are optional, and are used to improve readability.

The encoding must be in the network byte order

(big-endian). For more information, see the example

following Table 17–9.

The EAP-AKA protocol requires support for two features

related to the management of sequence numbers (SQN).

Resync-Update

The Resync-Update parameter specifies an AATV, which

provides one of the features and an Xstring parameter

for this AATV. This AATV is invoked to notify the AuC about

synchronization failures. The reception of an EAP-Response,

AKA, or Synchronization-Failure message from the client

triggers the call to this AATV.

This feature is optional. The need to configure this

parameter depends on whether you require this feature.

There is no default value.

The EAP-AKA protocol requires support for two features

related to the management of sequence numbers (SQN).

Auth-Result-Update

The Auth-Result-Update parameter specifies an AATV,

which provides one of the features and an Xstring

parameter for this AATV. This AATV is invoked to notify

the AuC about the results of an authentication attempt. The

completion of an EAP-AKA authentication sequence,

triggers the call to this AATV.

This feature is optional. The need to configure this

parameter depends on whether you require this feature.

There is no default value.

The following is an example of the EAP.authfile file that configures the EAP-AKA protocol for

an AKA realm:

#######################################################################

### Append the following to /etc/opt/aaa/EAP.authfile

##################################################################

eapakarealm.com -EAP EAP "comment"

{

EAP-Type AKA

{

# Following parameter specifies the name of the AKA algorithm to generate

# vector. You need not configure these values if the vector is retrieved from

# an external AuC.

AKA-Algorithm "3GPP-Milenage"

Resync-Update SQLAccess ActionId=ResyncSQN

Auth-Result-Update SQLAccess ActionId=UpdateSQN

############################################################

# Following are optional parameters

#############################################################

Prefixed-IMSI-Permanent-IDs "Enabled"

Generic-Permanent-IDs "Enabled"

Minimum-Length-IMSI 6

Maximum-Length-IMSI 15

EAP-AKA 175