HP-UX AAA Server A.08.02 Administrator's Guide

Table 14 Fields in the Local Realm Attributes Form (continued)
Option: Function
User password lookup is performed through the name-service switch configured in
/etc/nsswitch.conf. See the nsswitch.conf man page for more information.
No Store: EAP-TLS Certificates: Choose this option if you are using TLS and do not
want to store user information. If you are using TLS, you are not required to store user
information because the TLS certificates provide the user information needed for
authentication.
No Store: Allow All Users: Choose this option to allow all requests from a realm.
No Store: Deny All Users: Choose this option to deny all requests from a realm.
User Storage Parameters: Identifies the location, access, and policy parameters for the
selected User Profile Storage.
Alias: Optional. A parenthesized list of one or more aliases, delimited by commas. Each realm
alias is equivalent to the realm name. An alias is provided for user convenience or other
purposes, such as to save typing when logging on to your network. Aliases are allowed
on wildcard entries and are interpreted as meaning *.alias.
Filter ID: Optional. Allows the specification of a packet filter name to be associated with
authentication through this realm name. It overrides any explicit filter name specified in
a user profile.
Session Tracking: Optional. Determines if session tracking is enabled for a realm. When you
enable session tracking, accounting records are generated for a realm and active sessions
can be searched using the Session option on the navigation tree.
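The Alias field described in the table above decides which incoming realm names fall under a realm entry, and therefore which storage and policy options apply to them. The following Python sketch is an added example, not code from HP or from the HP-UX AAA Server: it parses a parenthesized alias list and shows which names an entry answers to. The function names, the sample entries, the user@realm name form, and the rule that *.alias matches only names ending in .alias are assumptions made for illustration.

```python
import re

def parse_aliases(text):
    """Parse a parenthesized, comma-delimited alias list such as "(ex, corp)"."""
    text = text.strip()
    if not text:
        return []                                  # the Alias field is optional
    m = re.fullmatch(r"\(\s*(.*?)\s*\)", text)
    if not m:
        raise ValueError("alias list must be parenthesized")
    names = [a.strip().lower() for a in m.group(1).split(",")]
    if not all(re.fullmatch(r"[\w.-]+", n) for n in names):
        raise ValueError("empty or malformed alias")
    return names

def patterns_for(realm, alias_text):
    """Every name one entry answers to: the realm itself plus each alias.
    On a wildcard entry an alias is read as *.alias, as the table states."""
    realm = realm.lower()
    wildcard = realm.startswith("*.")
    aliases = parse_aliases(alias_text)
    return [realm] + [("*." + a if wildcard else a) for a in aliases]

def matches(pattern, realm):
    # Assumption: "*.x" matches any realm ending in ".x", but not "x" itself.
    if pattern.startswith("*."):
        suffix = pattern[1:]
        return realm.endswith(suffix) and realm != suffix
    return realm == pattern

def resolve(entries, user):
    """Return the realm entry that a user@realm name falls under, or None."""
    if "@" not in user:
        return None                                # assumption: names are user@realm
    realm = user.rpartition("@")[2].lower()
    for name, alias_text in entries:
        if any(matches(p, realm) for p in patterns_for(name, alias_text)):
            return name
    return None

# Constructed sample entries: (realm name, value of the Alias field)
ENTRIES = [("example.com", "(ex, corp)"), ("*.lab.example.com", "(lab)")]

if __name__ == "__main__":
    for u in ("alice@corp", "bob@bench1.lab", "bob@lab", "eve@other.org"):
        print(u, "->", resolve(ENTRIES, u))
```

Running a check like this over a realm list before deployment shows when a short alias on a wildcard entry pulls more names under a realm's policy than intended.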
NOTE: The EAP-LEAP authentication method is obsolete in the A.08.00 release of the HP-UX
AAA Server. The EAP-LEAP authentication method is replaced by the EAP-PEAP authentication
method. HP recommends that you use EAP-PEAP in place of EAP-LEAP for improved security.
Unlike EAP-LEAP, EAP-PEAP supports mutual authentication and uses an encrypted tunnel to
transmit the user's credentials.
The SecurID authentication is obsolete in the A.08.00 release of the HP-UX AAA Server. The
SecurID authentication can be replaced by Open AuTHentication (OATH) standards-based
One-Time Password (OTP) authentication. OATH is an industry-wide collaboration to develop
an open reference architecture for strong authentication. The OATH standards-based OTP
authentication solution supports hardware and software tokens from multiple vendors. For
more information on the OATH standards-based OTP authentication solution, see Chapter 16
(page 127).
The Oracle authentication module is obsolete in the A.08.00 release of the HP-UX AAA Server.
The Oracle authentication module is supported using SQL Access. HP recommends that you
set up your HP-UX AAA Server to interact with the Oracle database using the SQL Access
feature. For more details on implementing SQL Access, see Chapter 22 (page 247).
4. To add a new realm, click Create to submit the new realm to the Server Manager.
To return to the Realms screen without making any changes to your server configuration, click
Cancel.
Modifying Realms
To modify the properties of an existing realm, complete the following steps:
1. From the navigation tree, click Local Realms.
The Local Realms screen appears as shown in Figure 21.
2. Click the icon corresponding to the realm whose properties you want to modify.
The Modify Local Realm screen appears similar to the screen shown in Figure 22.
74 Configuring Realms