HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

161

162

163

164

165

166

167

168

169

170

Table 41 EAP.authfile Configuration Parameters (continued)

DescriptionParameter

on available algorithms, see “Generating Authentication

Vectors Using A3, A8, and AKA Algorithms” (page 194).

Specifies the default A8 algorithm for the realm. If an A8

algorithm is needed to produce the GSM triplets for this

A8 Algorithm

user's authentication, then the A8 algorithm specified in

this field is used. There is no default value. For information

on available algorithms, see “Generating Authentication

Vectors Using A3, A8, and AKA Algorithms” (page 194).

Indicates whether the server must accept permanent

identities of the form 1 + IMSI, for this realm.

Prefixed-IMSI-Permanent-IDs

EAP-SIM RFC 4186 indicates that the permanent identity

must be derived from the IMSI. However, an implementation

may choose a permanent identity that is not based on IMSI.

The server supports both options.

The valid values are Enabled and Disabled.

The default value is Enabled.

Indicates whether the server must accept generic permanent

identities that are not based on an IMSI, for this realm. For

example, fred.

Generic-Permanent-IDs

EAP-SIM RFC 4186 indicates that the permanent identity

must be derived from the IMSI. However, an implementation

may choose a permanent identity that is not based on the

IMSI. The server supports both options.

The valid values are Enabled and Disabled.

The default value is Disabled.

Specify the minimum and maximum length of IMSIs that

the server accepts.

Minimum-Length-IMSI and Maximum-Length-IMSI

The server performs sanity checks on a permanent identity

that is offered as an IMSI to ensure that the identity is

neither too short nor too long to be an IMSI. EAP-SIM RFC

4186 explicitly states that 15 is the maximum length. The

minimum length is six, based on a three digit MCC, a two

digit MNC, and a one digit MSIN. This is a theoretical

absolute minimum length of an IMSI. Therefore, the check

made is as follows:

6 <= Minimum-Length-IMSI <=

Maximum-Length-IMSI <= 15

The default values are 6 and 15.

Indicates how many GSM triplets are needed for

authentication. EAP-SIM RFC 4186 indicates this value

must be 2 or 3.

Number-Of-Triplets-For-Authentication

The default value is 2.

Protected success indications are an optional EAP-SIM

feature. The Protected-Success-Indications

Protected-Success-Indications

parameter indicates whether the server offers protected

success indications to the peer. The valid values are

Enabled and Disabled.

The default value is Enabled.

The following is an example of a EAP.authfile file that configures the EAP-SIM protocol for a

SIM realm:

#######################################################################

### Append the following to /etc/opt/aaa/EAP.authfile

168 Configuring EAP-SIM and EAP-AKA Authentication Methods