HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
AATV Plug-Ins
An AATV plug-in defines the actions that perform a variety of functions, including authenticating
requests, authorization, and logging. Built-in actions support authentication of users using information
from several different repositories, and accounting requests using several different policies and
storage formats.
For more information on these built-in actions, see “Actions” (page 296).
The Software Engine: Finite State Machine
The Finite State Machine (FSM) controls the step-by-step process that the server follows to process
and respond to an authentication request. You can configure the FSM to customize your server
configuration without programming software modules. For more information on the Finite State
Machine, see Chapter 26: “Customizing the HP-UX AAA Server Using the Finite State Machine”
(page 291).
HP-UX AAA Server Commands, Utilities and Daemons
Table 3 provides an overview of the HP-UX AAA Server commands, utilities, and daemons.
Table 3 Commands, Utilities, and Daemons
Command        Description
radcheck       Sends RADIUS status and protocol requests to a AAA server and displays the replies. Receiving the reply confirms that the HP-UX AAA Server is operational. The radcheck utility can be invoked on any host by any user. However the HP-UX AAA Server returns more information to registered clients.
raddbginc      Sets debug logging level for the HP-UX AAA Server running correctly. Turn debugging on and off, or set the level of output while the AAA Server is running.
radsignal      Rolls over the server log file and accounting stream while the AAA Server is running. Also, sets the log level based on the RADIUS message type.
radiusd        RADIUS server daemon. Services user authentication and accounting requests from RADIUS clients. Authentication and accounting requests are transmitted to the radiusd daemon in the form of UDP packets that conform to the RADIUS protocol. The radiusd daemon can be started from the Server Manager, command line, or at boot time using the /etc/rc.config.d/radiusd.conf file.
rad_admin.sh   Tool to administer one or more HP-UX AAA Servers configured on the host.
radpwtst       RADIUS client utility that can process commands to send requests to and check responses from a RADIUS server. This can be used as a Dynamic Authorization Server to receive and respond to Disconnect and CoA requests.
Handling an Access Request
When the HP-UX AAA server receives a RADIUS message, it calls the FSM and defines a starting
event according to the type of message. This event is stored in the Interlink-Proxy-Action
attribute. In the default FSM, the first action for all requests is request-ingress POLICY. If this POLICY
is executed successfully, the next action is determined by the event stored in
Interlink-Proxy-Action. By default, for an Access-Request this action is iaaaUsers. Figure 4
(page 28) shows how the FSM actions interact to process the Access-Request for authentication
and authorization.
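Choosing the starting event by message type, as described above, depends on first parsing the received UDP datagram safely. The following is an added example, not taken from the HP guide or the HP-UX AAA Server code: it validates a datagram against the RFC 2865 packet layout and reports its message type. The function names and the sample packet are constructed for illustration.

```python
import struct

# RADIUS packet codes from RFC 2865/2866 (Status-Server is code 12).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response",
         11: "Access-Challenge", 12: "Status-Server"}
HEADER_LEN, MAX_LEN = 20, 4096


def parse_radius(datagram: bytes) -> dict:
    """Validate a RADIUS datagram and return its type and attributes.

    Raises ValueError for packets RFC 2865 says must be silently discarded.
    """
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        raise ValueError("Length field outside 20..4096")
    if len(datagram) < length:
        raise ValueError("datagram shorter than its Length field")
    if code not in CODES:
        raise ValueError(f"unknown packet code {code}")
    attrs, pos = [], HEADER_LEN
    # Octets past Length are padding and are ignored, so stop at Length.
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        # Attribute length counts its own 2-octet header and must fit.
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, datagram[pos + 2:pos + a_len]))
        pos += a_len
    return {"type": CODES[code], "id": ident,
            "authenticator": datagram[4:20], "attributes": attrs}


def build_sample() -> bytes:
    """Constructed Access-Request: User-Name (type 1) = 'alice', id 7."""
    attr = bytes([1, 2 + 5]) + b"alice"
    length = HEADER_LEN + len(attr)
    return struct.pack("!BBH", 1, 7, length) + bytes(16) + attr


if __name__ == "__main__":
    print(parse_radius(build_sample()))
```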