HP-UX AAA Server A.08.02 Administrator's Guide
NOTE: This feature may not work well in situations where the HP-UX AAA Server is communicating
with non-HP servers.
OTP Authentication-Related Configuration Items
The following OTP authentication-related configuration items can be set in the aaa.config file:
• otp_token_length <6–8>
• otp_lookup_window <0-any positive integer>
• otp_token_lock_counter <1-any positive integer>
• otp_add_checksum <yes or no>
For more information on these configuration items, see “System-Wide OTP Configuration Items”
(page 139).
Dynamic Authorization-Related Configuration Items
The following Dynamic Authorization-related configuration items can be set in the aaa.config
file:
Table 106 Dynamic Authorization-Related Configuration Items
Configuration Items             Description
global_client_q.limit           The maximum number of client requests allowed in the client queue.
client_retry_tbl_size           The size of the hash table used for performing retransmissions of
                                client requests.
event_timestamp_window          The time interval for which an incoming Event-Timestamp is valid.
enable_rpf_check                Forces the HP-UX AAA server to perform Reverse Path Forwarding (RPF)
                                checks on the incoming Disconnect and CoA requests. This is disabled
                                by default.
default_client_retries          The maximum number of retries for client requests. This is a global
                                value.
default_client_retry_interval   The retransmission interval for client requests. This is a global
                                value.
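The following sketch illustrates the kind of freshness check that event_timestamp_window controls for incoming Disconnect and CoA requests. It is an example added here, not HP-UX AAA Server code: the function names, the sample packets, and the window expressed as 300 seconds are assumptions, and Request Authenticator verification is left out.

```python
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43   # RADIUS packet codes (RFC 5176)
EVENT_TIMESTAMP = 55                       # RADIUS attribute type (RFC 2869)

def parse_attributes(packet):
    """Return (code, [(type, value), ...]); raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20                    # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def timestamp_verdict(packet, now, window):
    """Classify a request: 'accept', 'stale', 'missing', 'wrong-code' or 'malformed'."""
    try:
        code, attrs = parse_attributes(packet)
    except ValueError:
        return "malformed"
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return "wrong-code"
    stamps = [value for a_type, value in attrs if a_type == EVENT_TIMESTAMP]
    if not stamps:
        return "missing"                   # no replay protection offered by the sender
    if len(stamps[0]) != 4:
        return "malformed"
    sent = struct.unpack("!I", stamps[0])[0]
    # Reject replayed (old) packets and packets stamped far in the future alike.
    return "accept" if abs(now - sent) <= window else "stale"

def build_request(code, sent=None):
    """Constructed sample packet: zeroed authenticator, optional Event-Timestamp."""
    attrs = b"" if sent is None else bytes([EVENT_TIMESTAMP, 6]) + struct.pack("!I", sent)
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

NOW = 1_700_000_000                        # constructed clock value (seconds since epoch)
WINDOW = 300                               # assumed window, in seconds
```

Because the comparison depends on both clocks, the sender and the AAA server need synchronized time for any window to be meaningful.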
The CLIENT AATV is a generic AATV, which you can use to perform the required client functions.
You must configure the CLIENT AATV in the aatv.CLIENT block within the aaa.config file.
The syntax of the aatv.CLIENT block parameters is as follows:
aatv.CLIENT
{
<action name>.client_timer_value <time interval>
<action name>.client_max_requests <value>
}
Following is an example of the aatv.CLIENT block within the aaa.config file:
aatv.CLIENT
{
Disconnect.client_timer_value 1
Disconnect.client_max_requests 10
}
The clients File
The server configuration must include all the clients (NASs, RADIUS proxy servers, and other network
devices) that can communicate with the AAA server. If a client is not included in the configuration,
the server discards its messages.
The /etc/opt/aaa/clients file contains the identifying information for these clients.