HP-UX AAA Server A.08.02 Administrator's Guide

Glossary of Terms
A - B
A-V Pair Attribute-value pair.
AAA Abbreviation for Authentication, Authorization, and Accounting.
AAA Server A software application that performs authentication, authorization, and accounting functions.
Access-Accept The AAA Server returns an Access-Accept to the client when an Access-Request is valid. The
Access-Accept will contain A-V pairs that specify what services the authenticated user is authorized
to use.
Access-Challenge The AAA Server returns an Access-Challenge to the client when it is necessary to issue a challenge
that the user must respond to. The client will resubmit the request with the user-supplied information
to the AAA Server.
Access-Reject The AAA Server returns an Access-Reject to the client when an Access-Request is invalid.
Access-Request Created by the client, the Access-Request contains A-V Pairs, such as the user’s name, password,
and ID of the client. The client submits the Access-Request to an AAA Server. If the server can
validate the client, the server will attempt to match a user entry in its database with information
in the Access-Request to authenticate the user.
Accounting Logging session and usage information for session control and billing purposes.
Administrator Special user, known by the system on which the AAA Server is running. The administrator is able
to configure and to manage the AAA Server.
Application Service Provider Third-party entities that manage and distribute software-based services and solutions to customers
across a wide area network from a central data center. Abbreviated as ASP.
ASP Application Service Provider.
Attribute-Value Pair The RADIUS protocol defines things in terms of attributes. Each attribute may take on one of a
set of values. When a RADIUS packet is exchanged among clients and servers, one or more
attributes and values are sent pairwise from the client to the server. For the AAA Server software,
all valid attributes and values are listed in the dictionary file. Abbreviated as A-V pair.
Authentication The process of identifying and proving the identity of an entity, for example, a user, a network
client, or a network server.
Authorization The process of determining what types of activities are permitted. Usually, authorization is in the
context of authentication; once users are authenticated, they may be authorized different types
of access or activity.
Bit mask A method for storing settings. A bit mask makes use of the fact that binary numbers are made up
of 1's and 0's. Each digit in a binary number is equivalent to one bit. In the HP-UX AAA Server,
bit masks are used to set different configurations while setting up OTP authentication.
C - D
Challenge Handshake Authentication Protocol Log-in security procedure for dial-in access. Rather than send an unencrypted password, a random
number is sent to the client as a challenge. The challenge is one-way hashed with the password,
and the result is sent back to the server. The server does the same with its copy of the password
and verifies that it gets the same result to authenticate the user. Abbreviated as CHAP.
CHAP Challenge Handshake Authentication Protocol.
Client NAS, proxy server, or other networking device that uses the AAA Server services to authenticate
and authorize users.
Common Open Policy Service A query and response protocol that can be used to exchange policy information between a policy
server (Policy Decision Point or PDP) and its clients (Policy Enforcement Points or PEPs, such as a
router). Abbreviated as COPS.
COPS Common Open Policy Service.