HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
Table 52 The aaa.config Parameters for Algorithm-based Pseudonym Identity
Parameter: Pseudonym-Algorithm-Key-n
Description:
The HP-UX AAA Server can generate pseudonyms as an encrypted form of the permanent identity, which can be subsequently decrypted to reproduce the permanent identity.
This set of parameters (n = 1 to 16) can be used to specify up to 16 encryption keys for encryption or decryption.
The key value is a 128-bit binary string (16 bytes) entered as 0x, followed by 16 two-digit hex values. The dots are optional, and are used to improve readability.
Pseudonym generation for a realm is disabled if no keys are defined and the generation of random character pseudonyms is disabled, that is, the value of the Generate-Random-Character-Pseudonyms parameter is No.
If not explicitly configured, there are no default values.

Parameter: Pseudonym-Algorithm-Current-Key
Description:
Specifies the Pseudonym-Algorithm-Key to encrypt the permanent identity during the generation of a new pseudonym.
The other keys are used for decryption of pseudonyms previously generated with the other keys, but are not used for generation of new pseudonyms.
The valid range is 1 to 16.
If not explicitly configured, there is no default value.
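A pre-deployment check for the Table 52 parameters, added here as an example and not taken from the guide or from HP-UX AAA Server code. It assumes one `parameter value` pair per line with `#` starting a comment, accepts dots anywhere in the hex string, and uses constructed key values.

```python
import re

KEY_NAME = re.compile(r"^Pseudonym-Algorithm-Key-(\d+)$")

def parse_key(value):
    """Decode '0x' + 16 two-digit hex values (dots optional) into 16 bytes."""
    if not value.lower().startswith("0x"):
        raise ValueError("value must start with 0x")
    digits = value[2:].replace(".", "")
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", digits):
        raise ValueError("expected exactly 16 two-digit hex values (128 bits)")
    return bytes.fromhex(digits)

def check_pseudonym_keys(config_text, random_pseudonyms=False):
    """Report the encrypting key, the decrypt-only keys and any findings."""
    keys, current, findings = {}, None, []
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if len(fields) < 2:
            continue
        name, value = fields[0], fields[1]
        match = KEY_NAME.match(name)
        if match and 1 <= int(match.group(1)) <= 16:
            try:
                keys[int(match.group(1))] = parse_key(value)
            except ValueError as exc:
                findings.append(f"{name}: {exc}")
        elif match:
            findings.append(f"{name}: n must be 1 to 16")
        elif name == "Pseudonym-Algorithm-Current-Key":
            if value.isdigit() and 1 <= int(value) <= 16:
                current = int(value)
            else:
                findings.append(f"{name}: valid range is 1 to 16")
    # Only the current key encrypts new pseudonyms; it must point at a usable key.
    if current not in keys and (keys or current is not None):
        findings.append("Pseudonym-Algorithm-Current-Key does not select a valid defined key")
    if not keys and not random_pseudonyms:
        findings.append("pseudonym generation is disabled for the realm")
    return {"encrypt_with": current if current in keys else None,
            "decrypt_only": sorted(n for n in keys if n != current),
            "findings": findings}

# Constructed sample values, not real keys.
SAMPLE = """\
Pseudonym-Algorithm-Key-1 0x00.11.22.33.44.55.66.77.88.99.aa.bb.cc.dd.ee.ff
Pseudonym-Algorithm-Key-2 0x0f1e2d3c4b5a69788796a5b4c3d2e1f0
Pseudonym-Algorithm-Key-3 0x0011
Pseudonym-Algorithm-Current-Key 2
"""
```

Calling `check_pseudonym_keys(SAMPLE)` reports key 2 as the encrypting key, key 1 as decrypt-only, and one finding for the truncated key 3.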
Sample EAP.authfile Configuration for Random Pseudonym Identity Support
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-SIM
#################################################################
eapsim.com -EAP EAP "comment"
{
    EAP-Type SIM
    {
        #Configure other realm-specific parameters, if required
        .
        .
        # Following are the mandatory parameters:
        Pseudonym-Lookup <pseudonym lookup aatv name> "<xstring if any>"
        Pseudonym-Update <pseudonym update aatv name> "<xstring if any>"
        Generate-Random-Character-Pseudonyms Yes
        Pseudonym-Lifetime 604800
        # Following are the optional parameters:
        Pseudonym-Lifetime 604800
    }
}
#################################################################
### Add the following in /etc/opt/aaa/EAP.authfile for EAP-AKA
#################################################################
eapaka.com -EAP EAP "comment"
{
    EAP-Type AKA
    {
        #Configure other realm-specific parameters, if required
        .
188 Configuring EAP-SIM and EAP-AKA Authentication Methods