HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
IMPORTANT: Configuration files have a maximum input line length of 255 characters. No checking is done to ensure that a configuration statement has not exceeded this limit. All configuration files must end with a newline.
You can track different versions of the dictionary file by adding the following line to the file:
%DICTID Version-String
Version-String is the version information. This string will appear in radcheck output.
Attribute Entries
Below is the syntax of Dictionary Attribute entries:
ATTRIBUTE attribute-name integer-encoding type pruning
NOTE: Vendor-specific attribute identifier strings are defined in the vendors file and can be
used in place of the default string ATTRIBUTE. For more information, see “Syntax of a vendors
File” (page 396).
attribute-name: Replaced with the unique name of an attribute.
integer-encoding: Replaced with the actual attribute number code used in the A-V pair data format.
type: Replaced with one of the following data types for the attribute:
• octet: 8-bit unsigned integer value
• short: 16-bit unsigned integer value
• integer: 32-bit value in big-endian order (high byte first)
• date: 32-bit value in big-endian order (seconds since 00:00:00 GMT, Jan. 1, 1970)
• octets: 0-253 undistinguished octets
• a binary: 0-253 Ascend binary filter octets
• string: 0-253 octets
• vendor: 0-253 octets with octets 0-3 representing the IANA number
• ipaddr: 4 octets in network byte order
• ipv6addr: 16 octets in network byte order (used for IPv6 attributes)
• ipv6prefix: 4-20 octets (used for IPv6 attributes)
• ifid: 8 undistinguished octets (used for IPv6 attributes)
• tag-int: single octet followed by three octets of integer value (used for tunneling attribute)
• tag-string: single octet followed by 0-252 octets (used for tunneling attribute)
pruning: May be replaced with an optional expression that controls three server features:
• whether the attribute is ever sent to the NAS
• whether or not the attribute may be logged
• encapsulation, if used, for vendor-specific attributes
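Because the server does not check the 255-character limit itself, a dictionary file can be linted before it is deployed. The Python below is an added example, not part of the HP guide or the product: it checks line length, the trailing newline, the %DICTID line, and the ATTRIBUTE syntax and type list described above. It assumes the limit excludes the line terminator, that integer-encoding is written in decimal, and that the Ascend filter type keyword is spelled abinary; the function name lint_dictionary and the sample entries are constructed for illustration.

```python
MAX_LINE = 255  # limit stated in the guide; assumed to exclude the line terminator
# Type keywords from the guide's list. "abinary" is an assumption: the guide's
# text shows that entry as "a binary".
TYPES = {"octet", "short", "integer", "date", "octets", "abinary", "string",
         "vendor", "ipaddr", "ipv6addr", "ipv6prefix", "ifid",
         "tag-int", "tag-string"}

# Constructed sample input; the entries are illustrative, not HP's dictionary.
SAMPLE = (b"%DICTID example-1.0\n"
          b"ATTRIBUTE User-Name 1 string\n"
          b"ATTRIBUTE Framed-IP-Address 8 ipaddr\n"
          b"ATTRIBUTE Bad-Type 200 uint32\n"
          b"ATTRIBUTE User-Name 201 string\n"
          b"ATTRIBUTE Long-Line 202 string " + b"x" * 240 + b"\n"
          b"ATTRIBUTE No-Newline 203 octets")


def lint_dictionary(data: bytes):
    """Return (dictid, findings); findings are sorted (line_no, message) tuples."""
    findings, dictid, seen = [], None, {}
    if data and not data.endswith(b"\n"):
        findings.append((data.count(b"\n") + 1, "file does not end with a newline"))
    for no, raw in enumerate(data.splitlines(), start=1):
        # The length check applies to every line, whatever its keyword.
        if len(raw) > MAX_LINE:
            findings.append((no, f"line is {len(raw)} bytes, limit is {MAX_LINE}"))
        tok = raw.decode("latin-1").split()
        if not tok:
            continue
        if tok[0] == "%DICTID":
            dictid = " ".join(tok[1:]) or None
        elif tok[0] == "ATTRIBUTE":
            # Vendor-specific identifier strings from the vendors file are not
            # known here, so only the default ATTRIBUTE keyword is validated.
            if len(tok) < 4:
                findings.append((no, "ATTRIBUTE needs name, integer-encoding and type"))
                continue
            name, code, typ = tok[1:4]
            if not (code.isascii() and code.isdigit()):
                findings.append((no, f"{name}: integer-encoding {code!r} is not a number"))
            if typ not in TYPES:
                findings.append((no, f"{name}: unknown type {typ!r}"))
            if name in seen:
                findings.append((no, f"{name}: already defined on line {seen[name]}"))
            seen.setdefault(name, no)
    return dictid, sorted(findings)
```

Calling lint_dictionary(SAMPLE) returns the version string together with one finding each for the unknown type, the duplicate name, the overlong line and the missing final newline.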
Pruning Expressions
Pruning is a feature that allows the server to remove A-V pairs from an Access-Accept, Access-Reject,
or Access-Challenge message before sending the message to a client that has been configured for