HP-UX AAA Server A.08.02 Administrator's Guide

C RADIUS Data Packets
The Access-Request and other RADIUS data packets contain a header and a set of attribute-value
(A-V) pairs, which are used by the server during the AAA transaction. The RADIUS RFC 2865
defines how vendors can extend the protocol. Encapsulation is the RFC-defined way of extending
RADIUS. Conflicts can occur when the RFC is not followed. In those cases, the server can map the
attributes to unique internal values for processing. For a full description of RADIUS attribute-value
pairs, see Chapter 34: “Attribute-Value Pairs” (page 402).
Data Packet Format
RADIUS requests and replies share a common format (see Figure 102). These messages are
transported by UDP. By default, the server listens on UDP port 1812 for Access-Requests and port
1813 for Accounting-Requests.
Figure 102 RADIUS Request/Reply Message Format
Table 115 RADIUS Request/Reply Message Format Description
Data            Description
Code            8-bit request/reply type:
                  1=Access-Request
                  2=Access-Accept
                  3=Access-Reject
                  4=Accounting-Request
                  5=Accounting-Response
                  11=Access-Challenge
                  40=Disconnect-Request
                  41=Disconnect-ACK
                  42=Disconnect-NAK
                  43=CoA-Request
                  44=CoA-ACK
                  45=CoA-NAK
Id              8-bit message sequence number: value in reply = value in request.
Length          16-bit message length, including the header beginning at Code.
Authenticator   16 octet binary vector:
                For Access requests, value in request is randomly generated.
                Value in reply is MD5 digest of reply message data appended with secret,
                using authenticator value from request.
                For Accounting, Disconnect and CoA requests, value in request is MD5 digest
                of request message data appended with secret, using 16 zero octets as
                authenticator value. Value in reply is MD5 digest of reply message data
                appended with secret, using authenticator value from request.
Attributes      Arbitrary numbers of information pairs with format shown in Figure 103.
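Added example, not part of the HP guide or the server's code: Python that parses the header fields listed in Table 115 and verifies the request and reply authenticators as described there. The function names, shared secret, Id and attribute bytes are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 20                      # Code(1) + Id(1) + Length(2) + Authenticator(16)
ZERO_AUTH = bytes(16)                # 16 zero octets used when digesting requests
DIGEST_REQUESTS = {4, 40, 43}        # Accounting-, Disconnect-, CoA-Request

def parse_packet(datagram):
    """Split a UDP payload into (code, ident, authenticator, attributes)."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than the 20-octet header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if length < HEADER_LEN or length > len(datagram):
        raise ValueError("Length field does not fit the datagram")
    # Octets past Length are padding: they are excluded from the digest.
    return code, ident, datagram[4:HEADER_LEN], datagram[HEADER_LEN:length]

def digest(code, ident, auth_input, attrs, secret):
    """MD5 over the message data (auth_input in the Authenticator field) + secret."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + auth_input + attrs + secret).digest()

def request_authenticator_ok(request, secret):
    code, ident, auth, attrs = parse_packet(request)
    if code not in DIGEST_REQUESTS:
        raise ValueError("Access-Request authenticators are random, not a digest")
    return hmac.compare_digest(auth, digest(code, ident, ZERO_AUTH, attrs, secret))

def reply_authenticator_ok(reply, request, secret):
    code, ident, auth, attrs = parse_packet(reply)
    _, req_ident, req_auth, _ = parse_packet(request)
    if ident != req_ident:           # Id in reply must equal Id in request
        return False
    return hmac.compare_digest(auth, digest(code, ident, req_auth, attrs, secret))

def build_packet(code, ident, auth_input, attrs, secret):
    """Assemble a packet whose Authenticator is the digest (used for sample data)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return header + digest(code, ident, auth_input, attrs, secret) + attrs

# Constructed sample data: secret, attribute bytes and Id are made up for this example.
SECRET = b"constructed-shared-secret"
ATTRS = b"\x01\x07alice"             # one constructed A-V pair, treated as opaque bytes
ACCT_REQ = build_packet(4, 7, ZERO_AUTH, ATTRS, SECRET)
ACCT_RESP = build_packet(5, 7, ACCT_REQ[4:HEADER_LEN], b"", SECRET)

if __name__ == "__main__":
    print(request_authenticator_ok(ACCT_REQ, SECRET))
    print(reply_authenticator_ok(ACCT_RESP, ACCT_REQ, SECRET))
```

A request or reply that fails these checks was either altered in transit or built with a different shared secret, so a receiver should drop it rather than act on its attributes.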
Attribute-Value Pair Format
An attribute-value (A-V) pair represents a variable and one of the possible values that the variable
can hold. The A-V pair data format is depicted in Figure 103. In the HP-UX AAA server, A-V pairs
may be added to configuration files to compare values when trying to authenticate an Access-Request
(check items) or to add authorization instructions or other messages to an Access-Accept data
packet (reply items). The values of these A-V pairs will also appear in server session logs. The A-V pairs
usually appear as AttributeName=Value in the configuration files and AttributeName=:Type:Value
in the log files.