HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
Contents
13 Securing LAN Access With EAP .... 113
  Overview .... 113
    The Secure LAN Advisor .... 113
  Preparing Your LAN .... 114
  Determining the EAP Authentication Method to Use .... 114
  Securing WLANs with the HP-UX AAA Server .... 116
  Digital Certificate Administration .... 116
    Using the “Self-Signed” Digital Certificates .... 117
    Installing Your Own Digital Certificates and Keys .... 117
      Installing Server Certificates and Keys .... 118
      Installing Client Certificates and Keys .... 118
      Defining Certificate Locations on the HP-UX AAA Server .... 118
14 Managing Sessions .... 120
  Session Logs .... 120
    Displaying Session Attributes .... 120
    Stopping a Session .... 121
  Session Limits .... 121
    Setting Limits on a User-by-User Basis .... 121
      Setting Timeout Values .... 121
      Establishing a Filter .... 121
      Limiting Access Points (NAS-Port, NAS-ID, Calling-Station ID, and others) .... 122
      Denying Access (Called-Station-ID and others) .... 122
      Limiting Simultaneous Sessions .... 122
    Setting Limits for Users on a Global Basis .... 123
      Setting Limits for All User Profiles Grouped by Realms .... 123
15 Assigning IP Addresses .... 124
  Assigning Static IP Addresses .... 124
    To Assign a Static IP (IPv4) Address to a Profile in Flat Files .... 124
    To Assign a Static IPv6 Address to a Profile in Flat Files .... 125
    To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP LDIF File .... 126
    To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File .... 126
  Assigning Dynamic IP Addresses Using DHCP .... 127
16 OATH Standards-Based OTP Authentication .... 128
  OTP and OATH Overview .... 128
  HP-UX AAA Server and OATH Support .... 129
  Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP v2 .... 130
  Components Required to Configure OTP Authentication .... 131
  Configuring OTP Authentication on the HP-UX AAA Server .... 131
    OTP Authentication Configuration Flowchart .... 131
    Basic or Typical Configuration .... 134
    Advanced Configuration .... 135
      Advanced OTP Authentication Configuration Concepts .... 135
        Attributes for Configuring OTP Authentication .... 138
      Advanced Deployment Scenarios .... 143
        Validating OTP Alone .... 143
        Configuring Two-Factor Authentication .... 145
        OTP or Password Validation at External RADIUS Server .... 151
    Predefined Mapping and Conversion Functions .... 156
    Sample Configuration Files .... 157
      The sqlaccess.config Sample File .... 157