HP-UX AAA Server A.08.02 Administrator's Guide

The HP-UX AAA Server verifies the Message-Authenticator attribute only if the attribute is
present in the incoming message. If the attribute is absent, no verification takes place. To
ensure that Message-Authenticator checking always occurs, add the following lines to the
/etc/opt/aaa/client-reply-ingress.grp client reply ingress policy file. For more information on
Message-Authenticator, see RFC 2869.
if( count(Message-Authenticator) = 0 )
{
    exit "NAK"
}
To add the Message-Authenticator attribute to outgoing messages, add the following
line to the /etc/opt/aaa/client-request-egress.grp client request egress policy file.
insert Message-Authenticator = "0000000000000000"
This line adds a placeholder Message-Authenticator value to the request. The HP-UX
AAA Server calculates the correct Message-Authenticator value and replaces the placeholder
before sending the message.
NOTE: The length of the Message-Authenticator string must be 16.
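Added example (not part of the guide and not HP code): the RFC 2869 calculation behind the placeholder replacement and the ingress check described above, in Python. The shared secret, the sample packet and all function names are constructed for illustration; the request_auth parameter covers replies, which RFC 2869 computes over the Request Authenticator of the originating Access-Request.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type assigned in RFC 2869

def ma_offsets(packet):
    """Offsets of the 16-octet value of each Message-Authenticator attribute."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if packet[pos] == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("Message-Authenticator value must be 16 octets")
            found.append(pos + 2)
        pos += alen
    return found

def compute(packet, secret, off, request_auth=None):
    """HMAC-MD5 keyed with the shared secret, attribute value taken as zeros."""
    buf = bytearray(packet[:struct.unpack("!H", packet[2:4])[0]])
    if request_auth is not None:  # replies are bound to the request's authenticator
        buf[4:20] = request_auth
    buf[off:off + 16] = bytes(16)
    return hmac.new(secret, bytes(buf), hashlib.md5).digest()

def sign(packet, secret, request_auth=None):
    """Egress side: overwrite the placeholder value with the computed one."""
    (off,) = ma_offsets(packet)
    return packet[:off] + compute(packet, secret, off, request_auth) + packet[off + 16:]

def check(packet, secret, request_auth=None):
    """Ingress side: 'absent' is the count(Message-Authenticator) = 0 case."""
    offs = ma_offsets(packet)
    if len(offs) != 1:
        return "invalid" if offs else "absent"
    expected = compute(packet, secret, offs[0], request_auth)
    return "ok" if hmac.compare_digest(packet[offs[0]:offs[0] + 16], expected) else "invalid"

def sample_request(with_ma=True):  # constructed Access-Request, not captured traffic
    attrs = bytes([1, 7]) + b"alice"
    if with_ma:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + b"0" * 16
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(range(16)) + attrs
```

A receiver that treats only "invalid" as a failure accepts the "absent" case unchecked, which is the gap the ingress policy lines close.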
Reverse Path Forwarding Check for Proxies
The Dynamic Authorization proxy functionality can perform a Reverse Path Forwarding (RPF) check
to verify that a Dynamic Authorization request originated from an authorized Dynamic Authorization
Client (DAC). The HP-UX AAA Server extracts the realm from the user name and determines the
corresponding HP-UX AAA Servers in the realm routing tables configured in the /etc/opt/aaa/authfile
file or the Proxies screen in the HP-UX AAA Server Manager. If the request is not from an
authorized source, the request is discarded.
This feature is disabled by default. You can enable the feature using the enable_rpf_check
attribute in the aaa.config file. For more information on the attribute, see “Dynamic
Authorization-Related Configuration Items” (page 386).
Configuring Reverse Path Forwarding Check for Proxies Using HP-UX AAA Server Manager
To enable RPF check using HP-UX AAA Server Manager, complete the following steps:
1. Log in to HP-UX AAA Server Manager.
2. Click Server Properties. The Server Properties window is displayed as follows:
Figure 81 Server Properties
3. Click AAA Server as a Client Properties. The Server Properties (CLIENT) window is displayed
as follows: