Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
171172173174175176177178179180
Sample EAP.authfile Configuration for Fast Re-authentication
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-SIM
#################################################################
eapsim.com -EAP EAP "comment"
{
EAP-Type SIM
{
#Configure other realm-specific parameters, if required
.
.
# Following are the mandatory parameters:
Fast-Reauth-Lookup SIMAKA-ReauthCacheLookup “”
Fast-Reauth-Update SIMAKA-ReauthCacheUpdate “”
# Following are the optional parameters:
Fast-Reauth-Realm “”
Max-Number-Of-Reauths-Before-Full-Auth-Is-Required 5
Fast-Reauth-Id-Lifetime 1800
}
}
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-AKA
#################################################################
eapaka.com -EAP EAP "comment"
{
EAP-Type AKA
{
#Configure other realm-specific parameters, if required
.
.
# Following are the mandatory parameters:
Fast-Reauth-Lookup SIMAKA-ReauthCacheLookup “”
Fast-Reauth-Update SIMAKA-ReauthCacheUpdate “”
# Following are the optional parameters:
Fast-Reauth-Realm “”
Max-Number-Of-Reauths-Before-Full-Auth-Is-Required 5
Fast-Reauth-Id-Lifetime 1800
}
}
Configuring for Fast Re-Authentication in aaa.config File
If you use the built in AATVs (SIMAKA-ReauthCacheLookup and
SIMAKA-ReauthCacheUpdate) for caching the fast reauth identity to the user's real identity
mapping, you can configure the parameters described in Table 47, in the aatv.SIMAKA{} block
of the aaa.config file.
Table 47 The aaa.config Configuration Block Parameters for Fast Re-authentication
DescriptionParameter
Specifies the maximum size of the in-memory Fast
Re-authentication table, in terms of the number of entries.
Maximum-Fast-Reauth-Cache-Size
For a given user, the server needs to save the full
authentication context for subsequent fast re-authentications.
A boundary must be assigned to the number of entries in
this table to protect the server's memory.
The valid range is 0 to 1,000,000.
180 Configuring EAP-SIM and EAP-AKA Authentication Methods