HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

NOTE: If no realm is specified in the NAI, the server assigns the value NULL for the realm.
You can configure NULL realm behavior in the same manner as named realms.
4. The iaaaRealm action calls another action that attempts to retrieve a matching user profile
from the data store for the realm, as indicated by authfile:
   • A realm-specific AAA users file;
   • An external data store, such as LDAP or a database;
   • A Unix user profile service via the getpwent() system call.
If the realm is defined as a proxy, the RADIUS request is forwarded to the target RADIUS
server defined for this realm.
5. The user is authenticated according to the protocol established by the Access-Request. If a
password-based protocol (PAP, CHAP, MSCHAP) is specified, the user's password is verified.
If an EAP method is used, mutual authentication is carried out according to the EAP type (PEAP,
TLS, TTLS, or PEAP).
If User-Name matches no entry, either in a local text file or an external data source, the
authentication fails.
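A simplified model of the realm dispatch in steps 4 and 5, added here as an illustration and not taken from the HP-UX AAA server. The REALMS and USERS tables, the function names, the empty-realm handling and the reject-on-unknown-realm rule are assumptions of this sketch, and the table is not authfile syntax.

```python
from typing import NamedTuple

NULL_REALM = "NULL"  # value the page says is assigned when the NAI has no realm

class Decision(NamedTuple):
    realm: str
    action: str   # "authenticate", "proxy" or "reject"
    detail: str   # data store, proxy target or failure reason

# Constructed sample data (hypothetical realms and users).
REALMS = {
    "NULL": ("file", "users"),
    "corp.example": ("ldap", "ldap.corp.example"),
    "unix.example": ("unix", "getpwent"),
    "partner.example": ("proxy", "radius.partner.example"),
}
USERS = {("NULL", "alice"), ("corp.example", "bob"), ("unix.example", "carol")}

def split_nai(nai):
    """Split user@realm on the last '@'; no realm means the NULL realm."""
    user, sep, realm = nai.rpartition("@")
    if not sep:
        return nai, NULL_REALM
    # Assumption: an empty realm after '@' is treated like a missing realm.
    return user, (realm.lower() or NULL_REALM)

def route(nai):
    """Decide what happens to a request before any password or EAP check."""
    user, realm = split_nai(nai)
    entry = REALMS.get(realm)
    if entry is None:
        # Assumption of this model: realms with no entry are rejected.
        return Decision(realm, "reject", "unknown realm")
    kind, target = entry
    if kind == "proxy":
        # Proxy realms are forwarded; the local stores are never consulted.
        return Decision(realm, "proxy", target)
    if (realm, user) not in USERS:
        # User-Name matches no entry in the realm's data store.
        return Decision(realm, "reject", "no matching profile")
    return Decision(realm, "authenticate", f"{kind}:{target}")

if __name__ == "__main__":
    for nai in ("alice", "bob", "bob@CORP.example", "x@partner.example"):
        print(f"{nai:22} -> {route(nai)}")
```

Note that the bare name `bob` is evaluated against the NULL realm's store, not the one for `corp.example`, so the NULL realm needs the same policy review as any named realm.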
Authorization to Control Sessions and Access to Services
The HP-UX AAA server can authorize users using one of the following methods:
   • Provisioning on a user-by-user basis with check items and by adding reply items to an
     Access-Accept message (simple policy)
   • Through Local Authorization Server (LAS) functions based on realms
   • Through stored policy decisions based on other logical groups that can add check and reply
     items to the request
Like authentication, the authorization of an access request has a number of distinctive steps, as
shown in Figure 6 (page 31). The rounded rectangles represent configuration files and the ovals
represent one or more actions called by the FSM.
30 Overview: The HP-UX AAA Server