Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
31323334353637383940
The ReplyPrep action also checks for a Service-Type value, equates the value with user
entries, and then appends reply items to the request accordingly. The attribute values for these
items specify the default values to use when configuring the connection specified by
Service-Type. The special user entries are not used for authentication; the reply items for one
of these entries are appended to a request from any user requesting the corresponding service
type. If duplicate A-V pairs exist, pruning is applied to determine the A-V pair that must be
included in the Access-Accept or Access-Reject message.
8. The HP-UX AAA Server evaluates the reply-egress policy just before the RADIUS reply message
is created and sent. The reply-egress policy can be used to alter the request in one of the
following ways:
A-V pairs may be added, modified, or removed
The reply type may be modified
The request may be dropped entirely and no reply is sent.
Session Logs For Accounting
During operation, the HP-UX AAA Server processes information received in an Accounting-Request
from the client. By default, session logging information is written to a file following a predefined
format, such as Merit or Livingston. You can modify how and where the server generates the logs
by editing the log.config file. You can also schedule logging by editing the FSM. In addition,
modifying the FSM and configuring SQL Access enables you to use a database to store session
log information. For more information, see Chapter 22: “SQL Access” (page 247).
IPv6 Support for External Services
The HP-UX AAA Server can be configured to use IPv6 addresses and support IPv6 attributes for
most of the protocols and services it supports. The HP-UX AAA Server currently supports only IPv4
for Dynamic user IP address assignment using DHCP.
IMPORTANT: The HP-UX AAA Server supports the use of RADIUS IPv6 attributes with HP-UX 11i
v2 (and subsequent releases). RADIUS communication over IPv6 transports is supported with HP-UX
11i v2 (and subsequent releases).
HP-UX AAA Server as a Client
Typically, the HP-UX AAA Server works in the server mode. It receives requests from clients, processes
them, and sends out appropriate responses, based on the request type. However, under some
circumstances, it is desirable for the HP-UX AAA Server to perform client functions. This functionality
involves the ability to send HP-UX AAA Server-initiated messages and assimilate responses. For
example, it is advantageous to have the HP-UX AAA Server disconnect sessions or change session
characteristics in real time, by sending Disconnect and Change-Of-Authorization (CoA)
requests. Therefore, starting with the HP-UX AAA Server A.08.01 release, the HP-UX AAA Server
also performs certain client functionalities.
For more information, see Chapter 19 (page 210).
32 Overview: The HP-UX AAA Server