Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
211212213214215216217218219220
20 Configuring the HP-UX AAA Server for Dynamic
Authorization
This chapter discusses the Dynamic Authorization capability of the HP-UX AAA Server. The Dynamic
Authorization capability is based on the client functionality of the HP-UX AAA Server.
This chapter discusses the following topics:
“Dynamic Authorization Overview” (page 214)
“HP-UX AAA Server and Dynamic Authorization” (page 214)
“Processing of Dynamic Authorization Requests” (page 215)
“Configuring for Dynamic Authorization” (page 216)
“Basic Configuration” (page 217)
Advanced Configuration” (page 217)
“Migrating Existing SQL Access Deployments for Dynamic Authorization (page 218)
“Configuring Multiple HP-UX AAA Servers as a Group” (page 219)
“Dynamic Authorization in Authorize Only Mode” (page 229)
“Configuring for Proxy Functionality” (page 231)
“Configuring for Failover” (page 232)
“Security Consideration in Dynamic Authorization” (page 233)
“Sample Configuration Files” (page 236)
Dynamic Authorization Overview
The RADIUS protocol, specified in RFC 2865, does not support RADIUS server-initiated requests.
Typically, RADIUS server processes RADIUS client-generated requests. However, under some
circumstances, it is desirable for the RADIUS server to initiate requests. For example, sometimes it
is desirable to be able to disconnect or change authorization attributes of user sessions in real
time, using RADIUS server-initiated requests. RFC 5176 defines new RADIUS standards to implement
these features. These standards provide support for Disconnect and
Change-Of-Authorization (CoA) packets. Disconnect packets are used to disconnect
user sessions. CoA packets are used to change the authorization attributes of user sessions.
For more information on Dynamic Authorization, see http://www.ietf.org/rfc/rfc5176.txt.
HP-UX AAA Server and Dynamic Authorization
The Dynamic Authorization capability is implemented using HP-UX AAA Server client functionality.
For more information on how the client functionality of the HP-UX AAA Server works, see Chapter 19
(page 210).
Figure 64 illustrates how the HP-UX AAA Server performs Dynamic Authorization.
Figure 64 HP-UX AAA Server Performing Dynamic Authorization Operation
214 Configuring the HP-UX AAA Server for Dynamic Authorization