HP-UX AAA Server A.08.02 Administrator's Guide

Configuring for Pseudonym Identity Support
To use pseudonym identity support, the realm configuration in the EAP-Type SIM{} or
EAP-Type AKA{} block in EAP.authfile must specify the parameters described in Table 51.
Table 51 EAP.authfile Configuration Parameters

Parameter
    Description

Pseudonym-Lookup
    The Pseudonym-Lookup parameter specifies an AATV and an Xstring parameter for this AATV. This AATV is invoked to map a pseudonym to the user's real identity. If this parameter is not configured, pseudonym support is disabled for the realm.
    The HP-UX AAA Server provides the SIMAKA-PseudonymDecrypt AATV for algorithm-based pseudonym identity support. The following conditions apply if this AATV is configured:
    - The server forces non-random pseudonym generation for this realm.
    - If no Pseudonym-Algorithm-Key-* parameters are defined in the aatv.SIMAKA{} block of the aaa.config file, pseudonym support is disabled.
    - If at least one of the above-mentioned keys is defined, and the Pseudonym-Algorithm-Current-Key is not defined in the aatv.SIMAKA{} block of the aaa.config file, or does not refer to a defined key, generation of new pseudonyms is disabled, but existing pseudonyms can be looked up.
    There is no default value.

Pseudonym-Update
    This parameter specifies an AATV and an Xstring parameter for this AATV. This AATV is invoked to update the mapping of a pseudonym to a user's real identity. Pseudonym support using an algorithm does not require a Pseudonym-Update AATV.
    There is no default value.

Pseudonym-Lifetime
    The Pseudonym-Lifetime parameter specifies the lifetime of a generated random character pseudonym. After the specified duration has elapsed from the time the pseudonym was first assigned, the pseudonym becomes invalid, independent of the number of times the pseudonym was used.
    The valid range is 1 to 31,622,400 (1 second to 366 days).
    The default value is 1,209,600 seconds (14 days).

Generate-Random-Character-Pseudonyms
    The Generate-Random-Character-Pseudonyms parameter indicates whether the server generates pseudonyms by algorithm (value = no) or random character pseudonyms (value = yes).
    The valid values are Yes and No.
    The default value is No.
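
The rules in Table 51 interact, so the effective pseudonym behavior of a realm is easiest to check mechanically. The following Python code is an added example, not part of the HP guide or the product; it reports whether a realm ends up with pseudonym support disabled, lookup-only, or enabled, and checks the Pseudonym-Lifetime range. Assumptions: the parameters have already been read into plain dicts, the Pseudonym-Lookup value begins with the AATV name, Pseudonym-Algorithm-Current-Key holds the suffix of a Pseudonym-Algorithm-Key-* name, and pseudonym_state is a hypothetical helper name.

```python
DECRYPT_AATV = "SIMAKA-PseudonymDecrypt"
KEY_PREFIX = "Pseudonym-Algorithm-Key-"
CURRENT_KEY = "Pseudonym-Algorithm-Current-Key"
LIFETIME_RANGE = range(1, 31_622_400 + 1)   # seconds, valid range from Table 51
LIFETIME_DEFAULT = 1_209_600                # 14 days, default from Table 51


def pseudonym_state(realm, simaka):
    """Return (mode, notes) for one realm.

    realm  -- dict of parameters from the realm's EAP-Type SIM{} / AKA{} block
    simaka -- dict of parameters from the aatv.SIMAKA{} block of aaa.config
    mode is "disabled", "lookup-only" or "enabled".
    """
    notes = []
    lifetime = int(realm.get("Pseudonym-Lifetime", LIFETIME_DEFAULT))
    if lifetime not in LIFETIME_RANGE:
        notes.append(f"Pseudonym-Lifetime {lifetime} outside 1..31622400 seconds")

    # Assumption: the value starts with the AATV name, followed by its Xstring.
    lookup = realm.get("Pseudonym-Lookup", "").split()
    if not lookup:
        return "disabled", notes + ["Pseudonym-Lookup not configured"]
    if lookup[0] != DECRYPT_AATV:
        return "enabled", notes  # the key rules apply only to the decrypt AATV

    if realm.get("Generate-Random-Character-Pseudonyms", "No").lower() == "yes":
        notes.append("random pseudonyms requested, but the server forces "
                     "non-random generation for this realm")
    # Assumption: the current-key value is the suffix of a defined key name.
    keys = {n[len(KEY_PREFIX):] for n in simaka if n.startswith(KEY_PREFIX)}
    if not keys:
        return "disabled", notes + ["no Pseudonym-Algorithm-Key-* defined"]
    if simaka.get(CURRENT_KEY) not in keys:
        return "lookup-only", notes + [f"{CURRENT_KEY} missing or not a defined key"]
    return "enabled", notes


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    realm = {"Pseudonym-Lookup": "SIMAKA-PseudonymDecrypt",
             "Generate-Random-Character-Pseudonyms": "Yes"}
    simaka = {"Pseudonym-Algorithm-Key-1": "<key material>",
              "Pseudonym-Algorithm-Current-Key": "2"}
    print(pseudonym_state(realm, simaka))
```
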
To use algorithm-based pseudonym identity support, the aatv.SIMAKA {} block in the
aaa.config file must specify the parameters described in Table 52.
186 Configuring EAP-SIM and EAP-AKA Authentication Methods