HP-UX AAA Server A.08.02 Administrator's Guide

The sections below describe how these sample plug-ins work and give procedures for
these tasks:
“Using AATVs to Create a Plug-in” (page 332)
“Compiling and Loading a Plug-in” (page 333)
“Testing and Debugging a Plug-in” (page 333)
The ACE AATV
The ACE AATV is a sample challenge-response authentication AATV. At a high level, this plug-in
performs the following functions:
1. Checks that the User-Id A-V pair is present in the request. If it is not present, an error is
returned.
2. If the User-Id A-V pair is present, checks whether the State A-V pair is present. If it
is, the plug-in proceeds to step 3.
If it is not, the plug-in creates a State A-V pair from the User-Id value with the string
.pw appended and inserts the State A-V pair into the REPLY queue. A Reply-Message A-V pair
is created with a challenge string that prompts the user to enter a challenge response.
NOTE: In this sample AATV, the State A-V pair contains the password. However, it can
also contain a pointer to a password, or a session table.
3. If the State A-V pair is present, it checks the user's challenge response against the value in
the State A-V pair. If the values match, the user is authenticated. If the values do not match,
the connection is terminated.
For more information on the ACE AATV, see the README located at
/opt/aaa/examples/sdk/ace/README.
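The three steps above, written out as an added C example (not the code shipped in /opt/aaa/examples/sdk/ace, and not using the SDK's types). request_t, reply_t, ace_step, the ACE_* result codes, the 64-byte buffers and the prompt text are assumptions made for illustration, and the input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the A-V pairs of one request and one reply;
   these are not the SDK's AUTH_REQ or queue types. NULL means "absent". */
typedef struct { const char *user_id, *state, *response; } request_t;
typedef struct { char state[64]; char message[64]; } reply_t;
enum { ACE_ERROR = -1, ACE_CHALLENGE, ACE_ACCEPT, ACE_REJECT };

/* Compare without stopping at the first mismatching byte. */
static int same_value(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* One pass through the three steps listed above. */
int ace_step(const request_t *req, reply_t *rep)
{
    memset(rep, 0, sizeof *rep);
    if (req->user_id == NULL)                 /* step 1: User-Id is required */
        return ACE_ERROR;
    if (req->state == NULL) {                 /* step 2: no State yet, challenge */
        int n = snprintf(rep->state, sizeof rep->state, "%s.pw", req->user_id);
        if (n < 0 || (size_t)n >= sizeof rep->state) {
            rep->state[0] = '\0';             /* never emit a truncated State */
            return ACE_ERROR;
        }
        snprintf(rep->message, sizeof rep->message, "Enter challenge response:");
        return ACE_CHALLENGE;
    }
    if (req->response == NULL)                /* step 3: State present, verify */
        return ACE_REJECT;
    return same_value(req->response, req->state) ? ACE_ACCEPT : ACE_REJECT;
}

int main(void)
{
    reply_t rep, rep2;
    request_t first = { "alice", NULL, NULL };            /* constructed input */
    int r1 = ace_step(&first, &rep);
    request_t second = { "alice", rep.state, "alice.pw" };
    int r2 = ace_step(&second, &rep2);
    printf("round 1: %d, State=%s\nround 2: %d\n", r1, rep.state, r2);
    return 0;
}
```

Step 3 compares the response against the State value carried in the request, so the expected answer travels to the client and back; the session-table variant mentioned in the NOTE keeps it on the server.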
The checkCSI AATV
The checkCSI AATV is typically used for preprocessing RADIUS Access-Requests. This AATV
enables the HP-UX AAA Server to authenticate the user based on Calling-Station-Id instead
of User-Name. For more information on the checkCSI AATV, see the README file located at
/opt/aaa/examples/sdk/csi/README.
Using AATVs to Create a Plug-in
You can create a plug-in using one of the sample plug-ins as a base. The procedure and the
example described in this section use the checkCSI.c file to create a plug-in.
To create a plug-in using the checkCSI.c file, complete the following steps:
1. Rename the checkCSI.c file and open it for editing.
2. Add the function prototype for the action function. For example,
static int checkCSI (AUTH_REQ * authreq, int Value, const char * checkString);
where:
The Value parameter is the Xvalue from the fsm file
The checkString parameter is the Xstring from the fsm file
3. Add the aatv_load function to register the AATV with the HP-UX AAA Server.
The aatv_load function, shown below, initializes the global aatv_info_v2_t structure
that contains the function pointers to the init(), action(), timer(), and cleanup()
functions.
int aatv_load (aatv_info_v2_t **aatv_list, int * aatv_count)
where:
aatv_list is a list of all the AATVs that are loaded.
332 Customizing the HP-UX AAA Server Using the SDK