HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

191

192

193

194

195

196

197

198

199

200

Table 55 Lookup AATV Output Attributes (continued)

DescriptionAttribute

present, the Pseudonym Update AATV is called with the

Last-Used-Pseudonym-Expiration-Time present, along with the

Pseudonym-Expiration-Time value. If this attribute is not returned, the

Last-Used-Pseudonym-Expiration-Time in the database must be updated

by the Lookup AATV.

The Lookup AATV for EAP-SIM can also return credentials and other reply items while retrieving

the user's Real-Username. Consequently, the AUTHREQ_REPLY_QUEUE list of the authreq is

updated to contain additional attributes. Table 56 describes the Lookup AATV Attributes for EAP-SIM.

Table 56 Lookup AATV Attributes for EAP-SIM

DescriptionAttribute

A fixed-length binary string (octets) attribute that can occur twice or thrice, and can

contain an EAP-SIM authentication vector. The parameter value is a 224-bit binary string

(28 bytes). The value constitutes the following:

GSM-Triplet(s)

• RAND = The first 128-bits (16 bytes) of the value.

• Kc = The next 64-bits (8 bytes) of the value.

• SRES = The last 32-bits (4 bytes) of the value.

A fixed-length binary string (octets) attribute that contains the 128-bit value of the

Subscriber Key (Ki) used to authenticate the user.

Subscriber-Key

An optional string attribute that contains the name of the A3 algorithm used to authenticate

the user. This attribute is optional if a default value is configured for the realm. The value

is case-sensitive.

A3-Algorithm

An optional string attribute that contains the name of the A8 algorithm used to authenticate

the user. This attribute is optional if a default value is configured for the realm. The value

is case-sensitive.

A8-Algorithm

AND

Optional Reply item, such as, Session-Timeout and Idle-Timeout.Other reply attributes

The Lookup AATV for EAP-AKA can also return credentials and other reply items while retrieving

the user's Real-Username. Consequently, the AUTHREQ_REPLY_QUEUE list of the authreq is

updated to contain additional attributes. Table 57 describes the Lookup AATV Attributes for

EAP-AKA.

Table 57 Lookup AATV Attributes for EAP-AKA

DescriptionAttribute

A fixed-length binary string (octets) attribute that can occur only once, and contains an

EAP-AKA authentication vector. The value is a 576-bit binary string (72 bytes). The

value constitutes the following:

AKA-Vector

• RAND = The first 128-bits (16 bytes) of the value.

• XRES = The next 64-bits (8 bytes) of the value.

• CK = The next 128-bits (8 bytes) of the value.

• IK = The next 128-bits (8 bytes) of the value.

• AUTN = The last 128-bits (8 bytes) of the value.

A fixed-length binary string (octets) attribute that contains the 128-bit value of the

Subscriber Key (Ki) used to authenticate the user.

Subscriber-Key

192 Configuring EAP-SIM and EAP-AKA Authentication Methods