HP-UX AAA Server A.08.02 Administrator's Guide
19 Configuring the HP-UX AAA Server for Client
Functionality
This chapter describes the client functionality of the HP-UX AAA Server. The chapter discusses the
following topics:
• “Overview” (page 210)
• “CLIENT AATV” (page 210)
• “Supported APIs” (page 212)
Overview
Currently, the HP-UX AAA Server works in the server mode. It receives requests from clients,
processes them, and sends out appropriate responses, based on the request type. However, under
some circumstances, it is desirable for the HP-UX AAA Server to perform client functions. This
functionality involves the ability to send HP-UX AAA Server-initiated messages and assimilate
responses. For example, it is advantageous to have the HP-UX AAA Server disconnect sessions or
change session characteristics in real time, by sending Disconnect and
Change-Of-Authorization (CoA) requests. Therefore, starting with the HP-UX AAA Server
A.08.01 release, the HP-UX AAA Server also performs certain client functionalities.
To perform the client functionalities, a generic framework is included. You can use the framework
to generate client messages for any different scenarios. The framework consists of the following
components:
• CLIENT AATV — The CLIENT AATV is a generic AATV, which you can use to generate
requests at configured intervals. These requests are empty requests. Using other AATVs, you
can enter the fields of these empty requests with the required values. For example, you can
use the SQL Access AATV to enter values in the required fields, based on the information
stored in a database table, such as the session table.
• APIs in the Software Development Kit (SDK) — Some APIs are included in the SDK to set the
fields in the client requests. These APIs can be used in custom AATVs or in SQL Access
mapping and conversion functions to set the fields of the empty requests generated by the
CLIENT AATV.
• Finite State Machine (FSM) — Using the FSM, you can control how the HP-UX AAA Server
processes a client request.
• Advanced Policy — Using the Advanced Policy module, you can make complex policy decisions
during the processing of a client request.
This chapter discusses the framework that the HP-UX AAA Server uses to perform client functions.
For more information on reference implementations of this framework to perform dynamic
authorization, see Chapter 20 (page 214).
CLIENT AATV
This section describes how to configure the CLIENT AATV and how the CLIENT AATV works.
Configuring CLIENT AATV
The CLIENT AATV is a generic AATV, which you can use to generate empty RADIUS requests at
specified intervals. You can use these RADIUS requests to perform the required client functions.
You must configure the CLIENT AATV in the aatv.CLIENT block within the aaa.config file.
You can configure multiple CLIENT actions in the aatv.CLIENT block. Each CLIENT action
generates requests at configured time intervals, which can be used to perform a particular client
function. The syntax of the aatv.CLIENT block parameters is as follows:
210 Configuring the HP-UX AAA Server for Client Functionality