HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

Table 44 EAP.authfile Configuration Parameters
Parameter
    Description

AKA Algorithm
    Specifies the default AKA algorithm for the realm. If the profile for a user in this realm does not specify an AKA algorithm, and if an AKA algorithm is needed to produce the AKA vector for this user's authentication, the AKA algorithm specified by this parameter is used. For information on available algorithms, see “Generating Authentication Vectors Using A3, A8, and AKA Algorithms” (page 194).
    There is no default value.

Prefixed-IMSI-Permanent-IDs
    Indicates whether the server must accept permanent identities of the form 0 + IMSI, for this realm.
    EAP-AKA RFC 4187 indicates that the permanent identity must be derived from the IMSI. However, an implementation may choose a permanent identity that is not based on IMSI. The server supports both options.
    The valid values are Enabled and Disabled.
    The default value is Enabled.

Generic-Permanent-IDs
    Indicates whether the server must accept generic permanent identities that are not based on an IMSI, for this realm. For example, fred.
    EAP-AKA RFC 4187 indicates that the permanent identity must be derived from the IMSI. However, an implementation may choose a permanent identity that is not based on the IMSI. The server supports both options.
    The valid values are Enabled and Disabled.
    The default value is Disabled.

Minimum-Length-IMSI and Maximum-Length-IMSI
    Specify the minimum and maximum length of IMSIs that the server accepts.
    The server performs sanity checks on a permanent identity that is offered as an IMSI to ensure that the identity is neither too short nor too long to be an IMSI. EAP-AKA RFC 4187 explicitly states that 15 is the maximum length. The minimum length is six, based on a three digit MCC, a two digit MNC, and a one digit MSIN. This is a theoretical absolute minimum length of an IMSI. Therefore, the check made is as follows:
    6 <= Minimum-Length-IMSI <= Maximum-Length-IMSI <= 15
    The default values are 6 and 15.

Protected-Success-Indications
    Protected success indications are an optional EAP-AKA feature. The Protected-Success-Indications parameter indicates whether the server offers protected success indications to the peer. The valid values are Enabled and Disabled.
    The default value is Enabled.

Protected-Identity-Exchanges
    Determines if the server must use the AT_CHECKCODE attribute. The use of the AT_CHECKCODE attribute is an optional feature in EAP-AKA. The attribute allows protection of the EAP-AKA identity messages and any future extensions to them. The implementation of AT_CHECKCODE is recommended.
    The valid values are Yes and No.
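
Added example (not from this guide and not HP-UX AAA Server code): a Python model of how the permanent-identity and IMSI-length parameters in Table 44 interact when a realm's settings are reviewed. The names RealmPolicy and classify_permanent_id, the rule that "0" followed only by digits counts as an offered IMSI, and the sample identities are assumptions made for illustration.

```python
# Added example: models the Table 44 identity checks; not HP-UX AAA Server code.
from dataclasses import dataclass


@dataclass
class RealmPolicy:
    # Hypothetical class; fields mirror Table 44 parameters and their defaults.
    prefixed_imsi_ids: bool = True   # Prefixed-IMSI-Permanent-IDs (Enabled)
    generic_ids: bool = False        # Generic-Permanent-IDs (Disabled)
    min_len_imsi: int = 6            # Minimum-Length-IMSI
    max_len_imsi: int = 15           # Maximum-Length-IMSI

    def __post_init__(self):
        # The documented check: 6 <= Minimum-Length-IMSI <= Maximum-Length-IMSI <= 15
        if not 6 <= self.min_len_imsi <= self.max_len_imsi <= 15:
            raise ValueError("IMSI bounds violate 6 <= min <= max <= 15")


def classify_permanent_id(identity: str, policy: RealmPolicy) -> str:
    """Return 'imsi', 'generic' or 'reject' for a permanent identity."""
    username = identity.split("@", 1)[0]  # drop the realm part of the NAI
    if not username:
        return "reject"
    digits = username[1:]
    # Assumption: "0" followed only by ASCII digits is an identity offered
    # as an IMSI, so the length sanity check applies to it.
    if username[0] == "0" and digits.isascii() and digits.isdigit():
        if not policy.prefixed_imsi_ids:
            return "reject"
        in_range = policy.min_len_imsi <= len(digits) <= policy.max_len_imsi
        return "imsi" if in_range else "reject"
    # Anything else is a generic identity such as "fred".
    return "generic" if policy.generic_ids else "reject"


if __name__ == "__main__":
    # Constructed sample identities, evaluated under the documented defaults.
    defaults = RealmPolicy()
    for sample in ("0310150123456789@example.com", "012345", "fred@example.com"):
        print(sample, "->", classify_permanent_id(sample, defaults))
```

With the documented defaults, a generic identity such as fred is rejected, and an identity offered as an IMSI is accepted only when the digits after the leading 0 fall within the configured bounds.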