HP-UX AAA Server A.08.02 Administrator's Guide
The server can be set up to perform a variety of functions by modifying existing FSM state tables
or creating new ones. For example, interim accounting messages can be logged by calling the
appropriate module at a certain point in the authentication process.
Each state defined in a finite state table starts with a line containing the name of the state, followed
by a colon character. Each subsequent line is an event handler with three required and two optional
fields, delimited by spaces or tabs. Below is the syntax of a state in a finite state table:
    State-name:
        Event-1  Action-1  Next-state-1  Xvalue=integer  Xstring=string
        ...      ...       ...
        Event-n  Action-n  Next-state-n  Xvalue=integer  Xstring=string
State-name
    An arbitrary string to represent a state in the FSM. It can contain any printable
    ASCII character except space, new line, carriage return, tab, and colon
    characters.
    • Every state except the Start state must be referenced by at least one
      event handler in any state as its next state.
    • Every state except the End must have at least one associated event
      handler.
    • Every state referenced in an event handler must be defined. A state is
      defined only once in the FSM.

Event-n
    Three-tuple with each part separated by a period character, in the form
    Last-state.Last-action.Event-name
    • Last-state The name of the state that generated the event or an
      asterisk character (*). Use the asterisk character (*) to match any state
      if there is no last state for the event, or if the last state does not matter.
    • Last-action The name of the action that generated the event or an
      arbitrary string (found in the code or arrived in a packet), prefixed
      with a plus character. This action can also be an asterisk character
      (*). Use the asterisk character (*) to match any action if there is no
      last action, or if the last action does not matter. When preceded by a
      plus sign, this string does not refer to the last action, but to a value that
      is assigned to an internal attribute, Interlink-Proxy-Action, according
      to the type of message received and from where it was received.
    • Event-name The string returned from Last-action.

Action-n
    Name of the action to call. The called action will return a value that will
    be used to determine the next action. Refer to “Actions” (page 295) for a
    list of commonly called modules.
    Typically, the HP-UX AAA server invokes AUTHENTICATE upon receipt of
    an authentication request. AUTHENTICATE in turn invokes the proper
    authentication module (PROLDAP, SQL Access, etc.), depending on the
    configuration of the request in question. This process is specific to the
    server’s default state table.

Next-state-n
    Name of the next state in the AAA transaction. The current State-name, Action-n,
    and the value returned from the called AATV (Event-name) will be used to
    determine which event listed under Next-state-n should be processed.

Xvalue=integer
    An A-V pair (integer value) that may be passed to an Action as an argument.
    Only one integer argument may be specified for each event.

Xstring=string
    An A-V pair (string value) that may be passed to an Action as an argument.
    Only one string argument may be specified for each event.
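
The following Python checker is an added example, not part of this guide or of the server's own tooling. It parses a state table in the syntax above and reports violations of the State-name, Event-n and Xvalue/Xstring rules before an edited table is deployed. The state names AuthWait and Orphan, the event names REQUEST and OK, and the action SEND_REPLY are constructed; the checker assumes that an Xstring value contains no whitespace and that the End state is written as a state line with no handlers.

```python
import re
STATE_LINE = re.compile(r"^([^\s:]+):$")   # state name followed by a colon
OPTIONAL = re.compile(r"^(Xvalue=-?\d+|Xstring=\S+)$")

def check_fsm(text, start="Start", end="End"):
    """Return a list of violations of the state-table rules described above."""
    states, errors, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if m := STATE_LINE.match(raw.strip()):
            current = m.group(1)
            if current in states:
                errors.append(f"line {n}: state {current} defined more than once")
            states.setdefault(current, [])
        elif fields and current is None:
            errors.append(f"line {n}: event handler outside any state")
        elif fields and not 3 <= len(fields) <= 5:
            errors.append(f"line {n}: need 3 required and at most 2 optional fields")
        elif fields:
            event, action, nxt, *opts = fields
            if len(event.split(".")) != 3:
                errors.append(f"line {n}: {event} is not Last-state.Last-action.Event-name")
            keys = [o.split("=")[0] for o in opts]
            if len(set(keys)) != len(keys) or not all(OPTIONAL.match(o) for o in opts):
                errors.append(f"line {n}: bad or repeated Xvalue/Xstring argument")
            states[current].append((event, action, nxt))
    referenced = {h[2] for handlers in states.values() for h in handlers}
    errors += [f"state {s} is referenced but never defined"
               for s in sorted(referenced - set(states))]
    for name, handlers in states.items():
        if name != start and name not in referenced:
            errors.append(f"state {name} is never referenced as a next state")
        if name != end and not handlers:
            errors.append(f"state {name} has no event handler")
    return errors

# Constructed tables: only Start, End and AUTHENTICATE come from the guide.
GOOD = """Start:
  *.*.REQUEST        AUTHENTICATE  AuthWait
AuthWait:
  *.AUTHENTICATE.OK  SEND_REPLY    End  Xvalue=1 Xstring=accepted
End:
"""
BAD = """Start:
  *.*.REQUEST        AUTHENTICATE  AuthWait
Orphan:
  *.REQUEST          SEND_REPLY    End  Xvalue=one
Start:
"""
```

Calling `check_fsm(GOOD)` returns an empty list, while `check_fsm(BAD)` reports the malformed event, the non-integer Xvalue, the duplicate Start definition, the undefined AuthWait and End states, and the unreferenced Orphan state.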