Manualshelf

HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
211212213214215216217218219220
20 Configuring the HP-UX AAA Server for Dynamic
Authorization
This chapter discusses the Dynamic Authorization capability of the HP-UX AAA Server. The Dynamic
Authorization capability is based on the client functionality of the HP-UX AAA Server.
This chapter discusses the following topics:
“Dynamic Authorization Overview” (page 215)
“HP-UX AAA Server and Dynamic Authorization” (page 215)
“Processing of Dynamic Authorization Requests” (page 216)
“Configuring for Dynamic Authorization” (page 217)
“Basic Configuration” (page 218)
Advanced Configuration” (page 218)
“Migrating Existing SQL Access Deployments for Dynamic Authorization (page 219)
“Configuring Multiple HP-UX AAA Servers as a Group” (page 220)
“Dynamic Authorization in Authorize Only Mode” (page 230)
“Configuring for Proxy Functionality” (page 232)
“Configuring for Failover” (page 233)
“Security Consideration in Dynamic Authorization” (page 234)
“Sample Configuration Files” (page 237)
Dynamic Authorization Overview
The RADIUS protocol, specified in RFC 2865, does not support RADIUS server-initiated requests.
Typically, RADIUS server processes RADIUS client-generated requests. However, under some
circumstances, it is desirable for the RADIUS server to initiate requests. For example, sometimes it
is desirable to be able to disconnect or change authorization attributes of user sessions in real
time, using RADIUS server-initiated requests. RFC 5176 defines new RADIUS standards to implement
these features. These standards provide support for Disconnect and
Change-Of-Authorization (CoA) packets. Disconnect packets are used to disconnect
user sessions. CoA packets are used to change the authorization attributes of user sessions.
For more information on Dynamic Authorization, see http://www.ietf.org/rfc/rfc5176.txt.
HP-UX AAA Server and Dynamic Authorization
The Dynamic Authorization capability is implemented using HP-UX AAA Server client functionality.
For more information on how the client functionality of the HP-UX AAA Server works, see Chapter 19
(page 211).
Figure 64 illustrates how the HP-UX AAA Server performs Dynamic Authorization.
Figure 64 HP-UX AAA Server Performing Dynamic Authorization Operation
Dynamic Authorization Overview 215