HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

The aaa.config File
The aaa.config file contains keyword-value entries, one per line, that let you override
compiled-in default values in the AAA server. The aaa.config file can be used for performance
tuning, debugging, or overriding built-in defaults.
IMPORTANT: Configuration files have a maximum input line length of 255 characters. No checking
is done to ensure that a configuration statement has not exceeded this limit.
You can include configuration data in multiple text files and load them at server startup. For each
text file, add a one-line entry to the aaa.config file according to the format shown below:
include File-name
If File-name does not specify a path, the server will look for the file in the configuration directory.
The syntax of a keyword-value entry in the aaa.config file is shown below:
variable = value
NOTE: Any space or tab characters before the variable or surrounding the equal sign character
are ignored. Space and tab characters after the value may be considered part of the value assigned
to the variable.
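Added example (not from the HP guide and not HP code): because the server does not check the 255-character limit and may keep trailing spaces or tabs as part of a value, a pre-deployment check of aaa.config and the files it includes can catch both before the server is started. Assumptions: the configuration directory is passed in as config_dir, the line length is counted without the newline, lines that match neither documented form are ignored because the page does not describe a comment syntax, and the file names tuning.conf and missing.conf and the variable long_example are constructed for the sample.

```python
import os
import re
import tempfile

MAX_LINE = 255  # limit stated in the guide; the server does not check it
ENTRY = re.compile(r"^[ \t]*([^\s=]+)[ \t]*=[ \t]*(.*)$")    # variable = value
INCLUDE = re.compile(r"^[ \t]*include[ \t]+(\S+)[ \t]*$")    # include File-name

def lint_config(path, config_dir, seen=None):
    """Return (file name, line number, message) findings for path and its includes."""
    seen = set() if seen is None else seen
    if os.path.realpath(path) in seen:      # linter safeguard against include loops
        return []
    seen.add(os.path.realpath(path))
    findings, name = [], os.path.basename(path)
    with open(path, encoding="latin-1") as fh:   # latin-1: one byte is one character
        for no, raw in enumerate(fh, 1):
            line = raw.rstrip("\n")              # assumption: newline is not counted
            if len(line) > MAX_LINE:
                findings.append((name, no, f"{len(line)} characters, limit is {MAX_LINE}"))
            entry, inc = ENTRY.match(line), INCLUDE.match(line)
            if entry:
                if entry.group(2) != entry.group(2).rstrip(" \t"):
                    findings.append((name, no, f"whitespace after value of {entry.group(1)}"))
            elif inc:
                target = inc.group(1)
                if not os.path.dirname(target):  # no path: use the configuration directory
                    target = os.path.join(config_dir, target)
                if os.path.isfile(target):
                    findings += lint_config(target, config_dir, seen)
                else:
                    findings.append((name, no, f"included file not found: {target}"))
    return findings

def demo():
    """Lint a constructed aaa.config in a temporary directory (sample data, not HP's)."""
    sample = {"aaa.config": "strict_duplicate_check = on \ninclude tuning.conf\ninclude missing.conf\n",
              "tuning.conf": "vsa_integer_sign = off\nlong_example = " + "x" * 250 + "\n"}
    with tempfile.TemporaryDirectory() as d:
        for fname, text in sample.items():
            with open(os.path.join(d, fname), "w", encoding="latin-1") as fh:
                fh.write(text)
        # Drop the temporary path from messages so the result is stable between runs.
        return [(f, n, m.split(":")[0]) for f, n, m in
                lint_config(os.path.join(d, "aaa.config"), d)]

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```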
Variables in the aaa.config File
The following are the variables that you can modify in the aaa.config file:
The vsa_integer_sign Variable
This variable changes how Vendor Specific Attributes (VSAs) of type integer are printed.
When the vsa_integer_sign variable is “on”, which is the default, VSAs of type integer are
interpreted as signed integers for printing. When the vsa_integer_sign variable is “off”,
the AAA Server interprets VSAs of type integer as unsigned integers for printing.
NOTE: The attribute types which qualify as integer type are integer, short, octet, and tag-int.
The strict_duplicate_check Variable
This variable changes how the AAA Server detects duplicate RADIUS packets. To identify
a RADIUS packet as a duplicate, the AAA Server checks the identifier, source port, source IP
address, and the packet length. This is the default behavior, when the strict_duplicate_check
variable is “off”. This default behavior allows the AAA Server to support a wider range of NASs.
When the strict_duplicate_check variable is set to “on”, the AAA Server also checks
whether the request authenticator is the same. Setting this variable to “on” results in a
significant performance increase.
The aatv.ProLDAP Property
This property controls AAA server connections to an LDAP server.
Retry-Interval sets the number of seconds for the AAA server to wait before trying to reconnect
to an LDAP directory server, when a realm has failover directory servers configured. Defaults
to 60 seconds.
Retry-Wait sets the number of seconds that the AAA server will wait before attempting to
connect to the same failover LDAP server. When all failover directory servers configured for
a realm are down, the AAA server will try to reconnect to one every time an access request
is received. In such a situation, this parameter guarantees that the software does not spend
too much time trying to reconnect to those directory servers. Default value is 1 second.