Manualshelf

HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
31323334353637383940
2 Upgrading to Version A.08.02.10
This chapter explains how to upgrade to the HP-UX AAA Server A.08.02.10 from previous versions.
The HP-UX AAA Server Upgrade Process
The following process describes the HP-UX AAA Server A.08.02.10 product installation on a
system where a previous version of the HP-UX AAA server is currently installed:
1. The contents of the existing configuration in /etc/opt/aaa/ are copied to /etc/opt/
aaa.old/. If any files with the same names exist in /etc/opt/aaa.old/, they will be
overwritten.
2. The old product binaries are removed and new product binaries are installed.
3. Old unmodified configuration files are replaced with the new default configuration files in
/etc/opt/aaa/.
4. Backup of the default A.08.02.10 files are installed in /opt/aaa/newconfig/etc/opt/
aaa/ for your reference.
5. Generally, no additional migration is necessary, except as specified in the following sections:
“Upgrading from Versions A.07.00, A.06.02, A.06.01, or A.07.01 to Version
A.08.02.10” (page 34).
“Upgrading from Version A.06.00.x to Version A.08.02.10” (page 35)
“Upgrading from Version A.05.x to Version A.08.02.10” (page 37)
NOTE: Contact your HP Support representative if you are upgrading from version A.05.x
and require assistance.
Upgrading from Versions A.07.00, A.06.02, A.06.01, or A.07.01 to
Version A.08.02.10
Starting with HP-UX AAA Server A.08.00 release, EAP-LEAP AATV is obsolete. The EAP-LEAP
authentication method is replaced by the EAP-PEAP authentication method. HP recommends that
you use EAP-PEAP in place of EAP-LEAP for improved security. Unlike EAP-LEAP, EAP-PEAP supports
mutual authentication and uses an encrypted tunnel to transmit the user's credentials.
If you have configured a realm for EAP-LEAP authentication, remove the realm entry from the /etc/
opt/aaa/authfile and /etc/opt/aaa/EAP.authfile and re-configure the realm. For
information on EAP-PEAP, see “Securing LAN Access With EAP” (page 113).
Starting with HP-UX AAA Server A.08.00 release, the Oracle authentication module is obsolete.
The Oracle authentication module is supported using SQL Access. HP recommends that you set
up your HP-UX AAA Server to interact with the Oracle database using the SQL Access feature.
If you have configured a realm for ORACLE authentication, remove the realm entry from the /etc/
opt/aaa/authfile and /etc/opt/aaa/EAP.authfile and re-configure the realm. For
Database via SQL using the HP-UX AAA Server Manager, see “Configuring Realms” (page 73).
For information on how to implement SQL Access, see “SQL Access” (page 248).
Starting with HP-UX AAA Server A.08.00 release, the SecurID authentication is obsolete. The
SecurID authentication is replaced by the Open AuTHentication (OATH) standards-based One-Time
Password (OTP) authentication. OATH is an industry-wide collaboration to develop open-reference
architecture for strong authentication. The OATH standards-based OTP authentication solution
supports hardware and software tokens from multiple vendors.
If you have configured a realm for SecurID authentication, remove the realm entry from the /etc/
opt/aaa/authfile and the /etc/opt/aaa/EAP.authfile and re-configure the realm. For
34 Upgrading to Version A.08.02.10