Manualshelf

HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
401402403404405406407408409410
34 Attribute-Value Pairs
The RADIUS protocol defines things in terms of attributes. Each attribute may take on one of a set
of values. When a RADIUS packet is exchanged among clients and servers, one or more attributes
and values are sent pairwise as an Attribute-Value pair (A-V pair). For the HP-UX AAA Server
software, all valid attributes and values are listed in the dictionary file.
This chapter organizes the attributes by the information and data that they contain and the functions
they perform, including the following:
Check and deny items to define simple policy for authorization
Reply items to configure the user’s session for authorization
Accounting attributes that stores usage information in logged accounting records
Configuration attributes that are used in a user profile to implement built-in HP-UX AAA Server
features.
Session attributes that appear in the HP-UX AAA Server binary session files.
Specifying Attribute-Value Pairs
Attribute names and their enumerated value names are defined in the dictionary file. When
specifying attribute values in configuration files, you must have a space before the equal to (=) or
not equal to (!=) operator. A list of A-V pairs may be delimited by commas, white space, or both.
Attribute-Value Formats
The attribute values (to the right of the equal sign) can take on any of the supported, legal values
described in the dictionary file. The attributes and their corresponding values are defined to
be one of the following types: IP address, ipv6prefix, ipv6addr, ifid, string, vendor, tag string, tag
integer, date, integer, string, octet, and short values.
The string values must be surrounded by the double quote ('"') character if they contain spaces;
otherwise, the quotation marks are optional. These values are limited to a maximum of 253
characters.
LDAP policy and decision files cannot handle tag string and tag integer values
The IPv4 address values can use the common dotted-quad notation.
The IPv6 address values can use the colon or double-colon (::) notation.
The date values follow the format of three character month abbreviation (e.g., Jan, Feb, Mar,
etc.), followed by the day, followed the year expressed as four digits (e.g., 1998). Each field
must be delimited by a space or hyphen (e.g., Jan 8 2002, Jan-21-2002, etc.)
A-V pair lists must be delimited by white space. For readability you may use both a comma
and white space as a delimiter.
Examples
The following examples are syntactically valid A-V pair lists:
Password = "rock", Service-Type = "Framed", Comment = "This is OK"
Password =rock Service-Type =Framed Comment ="This is OK"
The following examples are not syntactically valid A-V pair lists:
Password="rock"Service-Type="Framed"Comment="This is not OK"
Password= rock Service-Type= Framed Comment= This is not OK
Specifying Attribute-Value Pairs 403