HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
The user credentials (Ki) can be stored in any of the following supported data repositories:
• local realm users file
• LDAP database
• SQL-compliant database using SQL Access
The following is an example of a local realm users file:
# IMSI configured with 128 bit Subscriber-Key
801448005551000
Subscriber-Key ="\x6d\x37\x71\x8a\xcc\xec\x37\x01\x4e\xdb\xf0\xf0\x3b\xe5\x77\xda",
NOTE: The subscriber's key is a binary string, and is configured as a quoted string of hex-escaped
octets.
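The following check is an added example, not part of the HP guide or the product. It lints a local realm users file for Subscriber-Key values that are not exactly 16 hex-escaped octets, or that are a single repeated octet, and reports the affected user without echoing key material. It assumes the entry layout shown above (a user line followed by its Subscriber-Key line); lint_users and decode_key are hypothetical names, and the second and third sample entries are constructed.

```python
import re

# Constructed sample in the layout shown above. Only the first entry is the
# guide's own; the other two are made up and deliberately faulty.
SAMPLE = r'''
# IMSI configured with 128 bit Subscriber-Key
801448005551000
Subscriber-Key ="\x6d\x37\x71\x8a\xcc\xec\x37\x01\x4e\xdb\xf0\xf0\x3b\xe5\x77\xda",
001010000000001
Subscriber-Key ="\x6d\x37\x71\x8a\xcc\xec\x37\x01",
001010000000002
Subscriber-Key ="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
'''

KEY_LINE = re.compile(r'^\s*Subscriber-Key\s*=\s*"(.*)"\s*,?\s*$')
HEX_ESCAPES = re.compile(r'(?:\\x[0-9a-fA-F]{2})*')

def decode_key(quoted):
    """Return the octets of a hex-escaped string, or None if it holds anything else."""
    if not HEX_ESCAPES.fullmatch(quoted):
        return None
    return bytes.fromhex(quoted.replace('\\x', ''))

def lint_users(text):
    """Return (user, problem) findings; key values are never included."""
    findings, user, seen_key = [], None, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = KEY_LINE.match(line)
        if m is None:
            if '=' in line:      # assumption: some other attribute, not checked here
                continue
            if not seen_key:     # previous user had no key line
                findings.append((user, 'no Subscriber-Key'))
            user, seen_key = line, False
            continue
        seen_key = True
        key = decode_key(m.group(1))
        if key is None:
            findings.append((user, 'value is not purely \\xNN escapes'))
        elif len(key) != 16:
            findings.append((user, f'{len(key) * 8}-bit key, expected 128'))
        elif len(set(key)) == 1:
            findings.append((user, 'key is a single repeated octet'))
    if not seen_key:
        findings.append((user, 'no Subscriber-Key'))
    return findings
```

Calling lint_users(SAMPLE) returns findings for the two constructed entries only; the guide's own entry passes.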
EAP-SIM Realm-Based Configurations
Many EAP-SIM parameters can be configured on a per realm basis. These parameters are configured
in realm entries stored in the authfile and EAP.authfile files.
Realm-Based EAP-SIM Configuration Information in authfile
The user's SIM credentials lookup information is configured in the authfile on a per realm basis.
The EAP-SIM realm must be configured with the -SIM switch. The following syntax is used to
configure the user credential storage:
eapsimrealm.com -SIM <AATV name> <xstring, if any>
If a user-specific plug-in is added for user lookup, the AATV name is replaced with the plug-in name.
The following section describes configuration of HP-UX AAA Server user, flat file, LDAP directory
server and SQL-compliant database for credential lookup (subscriber key).
The HP-UX AAA Server receives GSM triplets directly when the external storage (typically an AuC)
generates the triplets. An AATV must be written for this. For information on how to write an AATV,
see Chapter 28 (page 329).
NOTE: The xstring field in the realm configuration must not have spaces.
iaaaFile Authentication Type
If the user credentials are available in the flat file, the iaaaFile AATV is used for lookup. The
configuration of a realm, which employs iaaaFile, is followed by a required {} block. The {}
block enables you to configure the following parameters:
• Request-Attribute-For-Search
• Policy-Pointer
The iaaaFile authfile configuration parameters are described in Table 17–1.
Table 40 The iaaaFile authfile Configuration Parameters
Parameter: Request-Attribute-For-Search
Description: Indicates the search attribute to use for a user lookup. The
attribute must be a string-type, such as string, tag-str, or
octets. When iaaaFile is used for EAP-SIM, the value of the
Request-Attribute-For-Search parameter must be
Real-Username.