
HP-UX AAA Server A.06.01
Getting Started Guide
HP-UX 11.0, 11i v1, 11i v2
Manufacturing Part Number : T1428-90058
E1004
U.S.A.
© Copyright 2001-2004 Hewlett-Packard Development Company, L.P.
The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Warranty. A copy of the specific warranty terms applicable to your Hewlett-Packard product and replacement parts can be obtained from your local Sales and Service Office.
Restricted Rights Legend. Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 for other agencies.
HEWLETT-PACKARD COMPANY 3000 Hanover Street Palo Alto, California 94304 U.S.A.
Use of this manual and flexible disk(s) or tape cartridge(s) supplied for this pack is restricted to this product only.
Trademark Notices. UNIX is a registered trademark of The Open Group. Internet Explorer is a registered trademark of Microsoft Corporation. Netscape Navigator is a registered trademark of Time Warner, Inc. MC/ServiceGuard® is a registered trademark of Hewlett-Packard Company. ProLDAP™ is a trademark of Interlink Networks, Inc. OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Copyright Notices. ©copyright 2001-2004 Hewlett-Packard Development Company L.P., all rights reserved. Reproduction, adaptation, or translation of this document without prior written permission is prohibited, except as allowed under the copyright laws. Parts of this document originally published by Interlink Networks.
2004 Interlink Networks, Inc. All Rights Reserved. This document is copyrighted by Interlink Networks Incorporated (Interlink Networks). The information contained within this document is subject to change without notice. Interlink Networks does not guarantee the accuracy of the information.
Interlink Networks, Inc. 5405 Data Court, Suite 300 Ann Arbor, MI 48108 www.interlinknetworks.com
Contents
About This Document
1. Introduction to AAA Server
RADIUS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
RADIUS Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Establishing a RADIUS Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Supported Authentication Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
RADIUS Data Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Shared Secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Product Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
AAA Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
AAA Server Manager Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
The 802.1x Advisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Accessing the Server Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
AAA Server Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
AATV Plug-Ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
The Software Engine: Finite State Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
HP-UX AAA Server Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Authentication Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Authorization Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Accounting Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Admin and Debug Tools/Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2. Installing and Starting the HP-UX AAA Server
Getting the HP-UX AAA Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Installing the HP-UX AAA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Starting the HP-UX AAA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Starting and Stopping the RMI Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Starting and Stopping Tomcat. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Testing the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Installation Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Commands, Utilities, & Daemons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
UnInstalling the HP-UX AAA Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3. Basic Configuration Tasks
Storing User Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Storing User Profiles in the Default Users File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Grouping Users by Realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Adding and Modifying Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Session Logging and Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Viewing User Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Viewing Server Logfiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Viewing Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Securing WLANs with the HP-UX AAA Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4. Glossary of Terms
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
About This Document
This document provides an overview of the HP-UX AAA Server and explains how to install and start the product. The document also provides steps for basic configuration tasks for beginning users. Refer to the HP-UX AAA Server Administrator’s Guide for complete HP-UX AAA Server documentation.
The document printing date and part number indicate the document’s current edition. The printing date and part number will change when a new edition is printed. Minor changes may be made at reprint without changing the printing date. The document part number will change when extensive changes are made.
Document updates may be issued between editions to correct errors or document product changes. To ensure that you receive the updated or new editions, you should subscribe to the appropriate product support service. See your HP sales representative for details.
The latest version of this document can be found at http://docs.hp.com on the Internet and Security Solutions page.
Intended Audience
This Getting Started Guide is designed for first-time and beginning users of the HP-UX AAA Server. The objective of this guide is to allow you to quickly familiarize yourself with the basic functions of the product. Users should be familiar with the HP-UX operating system before using this guide.
New and Changed Documentation in This Edition
Removed the various requirements, including installing and operating requirements, for each specific 6.1.x version of the HP-UX AAA Server. Refer to the HP-UX AAA Server Release Notes for the requirements of each version of the product.
Publishing History
The following table shows the printing history of this document. The first entry in the table corresponds to this document, while previous releases are listed in descending order.
Table 1 Getting Started Guide Printing History

Document Part Number   Document Release Date (month/year)   Supports Software Version   Supported OS
T1428-90058            10/04                                A.06.01.x                   HP-UX 11i v1, 11i v2
T1428-90049            01/04                                A.06.01.x                   HP-UX 11.00, 11i v1, 11i v2
T1428-90043            10/03                                A.06.01.x                   HP-UX 11.00, 11i v1
T1428-90026            04/03                                A.06.00.08                  HP-UX 11.00, 11i v1
T1428-90015            02/03                                A.06.00.07                  HP-UX 11.00, 11i v1
T1428-90002            06/02                                A.05.01.01                  HP-UX 11.00, 11i v1
What’s in This Document
Chapter 1, Introduction to AAA Server, contains an overview of product features and basic information about using the server.
Chapter 2, Installing and Starting the HP-UX AAA Server, leads you through server installation, testing the installation, and starting the Server Manager GUI.
Chapter 3, Basic Configuration Tasks, contains procedures that lead you through basic configuration and testing tasks.
Typographical Conventions
monospace Identifies files, daemons, or any other item that may appear on screen
italics Identifies titles of books, chapters, or sections
Document Advisories
Different types of notes appear in the text to call your attention to information of special importance. They are enclosed in ruling lines with a header that indicates the type of note and its urgency.
NOTE Emphasizes or supplements parts of the text. You can disregard the information in a note and still complete a task.
IMPORTANT Notes that provide information that is essential to completing a task.
CAUTION Describes an action that must be avoided or followed to prevent a loss of data.
Related Documents
In addition to this Getting Started Guide, HP released the following documents to support the HP-UX AAA Server A.06.01.x:
HP-UX AAA Server A.06.01 Administrator’s Guide
HP-UX AAA Server A.06.01.02 Release Notes
HP-UX AAA Server A.06.01.02.04 Release Notes
HP-UX AAA Server A.06.01.02.06 Release Notes
HP-UX AAA Server A.06.01.02.07 Release Notes
HP-UX AAA Server A.06.01.05 Release Notes
The Administrator’s Guide and the Getting Started Guide are installed with the product at /opt/aaa/share/doc/. You can also find these documents in the Server Manager’s Help menu. The most recently released documentation for the HP-UX AAA Server is always available at http://www.docs.hp.com on the Internet and Security Solutions page.
HP Encourages Your Comments
HP encourages your comments concerning this document. We are truly committed to providing documentation that meets your needs.
Please send comments to: netinfo_feedback@cup.hp.com. Please include the document title, manufacturing part number, and any comment, error found, or suggestion for improvement you have concerning this document. Also, please include what we did right so we can incorporate it into other documents.
1 Introduction to AAA Server
This chapter contains an overview of product features and basic information about using the HP-UX AAA Server.
RADIUS Overview
The Remote Authentication Dial In User Service (RADIUS) protocol is widely used and implemented to manage access to network services. It defines a standard for information exchange between a Network Access Server (NAS) and an authentication, authorization, and accounting (AAA) server for performing authentication, authorization, and accounting operations. A RADIUS AAA server can manage user profiles for authentication (verifying user name and password), configuration information that specifies the type of service to deliver, and policies to enforce that may restrict user access.
RADIUS Topology
The RADIUS protocol follows a client-server architecture. The client sends user information to the RADIUS AAA server (in an Access-Request message) and, after receiving a reply from the server, acts according to the returned information. The RADIUS AAA server receives user requests for access from the client, attempts to authenticate the user, and returns the configuration information and policies to the client. The RADIUS AAA server may be configured to authenticate an Access-Request locally or to act as a proxy client and forward a request to another AAA server. After forwarding a request, it handles the message exchanges between the NAS and the remote server. A single server can be configured to handle some requests locally and to forward proxy requests to remote servers.
In Figure 1-1 on page 3 an example ISP uses four AAA servers to handle user requests. Each user organization represents a logical grouping of users (defined as a realm). Each user organization dials in to one of the ISP’s servers through an assigned NAS, some of which are shared by the same groups or realm. To provide appropriate service to a customer, the server accesses user and policy information from a repository, which may be integrated with the server, may be an external application, or a database that interfaces with the server. For the HP-UX AAA RADIUS and policy server the repository information may be stored in flat text files or in an external database, such as an Oracle® database or LDAP directory server.
Figure 1-1 Generic AAA Network Topology
(Figure not reproduced here. It shows four AAA servers, each with its own repository: AAA1.ISP.net in Ann Arbor, AAA2.ISP.net in Flint, AAA3.ISP.net in Kalamazoo, and AAA4.ISP.net in Detroit. User organizations A through F dial in to NAS1 through NAS4; the AAA servers and NASs exchange requests and replies, and a forwarding server sends proxied Access-Requests to a remote server.)
Establishing a RADIUS Session
The handling of a user request is a series of message exchanges that attempts to provide the user with a network service by establishing a session for the user. This transaction can be described as a series of actions that exchange data packets containing information related to the request. Figure 1-2, Client-Server RADIUS Transaction, illustrates the details of the transaction between a RADIUS AAA server and a client (a NAS in this example). When the user’s workstation connects to the client, the client sends an Access-Request RADIUS data packet to the AAA server.
Figure 1-2 Client-Server RADIUS Transaction
(Figure not reproduced here. It shows the message sequence between the User, the Client (NAS), and the AAA Server:
1. User connects to the client.
2. Client sends an Access-Request to the AAA server.
3. AAA server replies with an Access-Reject (the user disconnects) or an Access-Accept.
4. Client sends an Accounting-Request (Start); the session starts.
5. AAA server replies with an Accounting-Response.
6. Client sends an Accounting-Request (Stop); the session ends.
7. AAA server replies with an Accounting-Response; the user is disconnected.)
When the server receives the request, it validates the sending client. If the client is permitted to send requests to the server, the server will then take information from the Access-Request and attempt to match the request to a user profile. The profile will contain a list of requirements that must be met to successfully authenticate the user. Authentication usually includes verification of a password, but can also specify other information, such as the port number of the client or the service type that has been requested, that must be verified.
If all conditions are met, the server will send an Access-Accept packet to the client; otherwise, the server will send an Access-Reject. An Access-Accept data packet often includes authorization information that specifies what services the user can access and other session information, such as a timeout value that will indicate when the user should be disconnected from the system.
When the client receives an Access-Accept packet, it will generate an Accounting-Request to start the session and send the request to the server. The Accounting-Request data packet describes the type of service being delivered and the user that will use the service. The server will respond with an Accounting-Response to acknowledge that the request was successfully received and recorded. The user’s session will end when the client generates an Accounting-Request—triggered by the user, by the client, or an interruption in service—to stop the session. Again, the server will acknowledge the Accounting-Request with an Accounting-Response.
Supported Authentication Methods
The following list describes the authentication methods the HP-UX AAA Server supports:
Password Authentication Protocol (PAP)
Not a strong authentication method to establish a connection; passwords are sent in clear text between the user and client. When used with RADIUS for authentication, the messages exchanged between the client and server to establish a PPP connection corresponds to Figure 1-2. This authentication method is most appropriately used where a plaintext password must be available to simulate a login at a remote host. In such use, this method provides a similar level of security to the usual user login at the remote host.
Challenge Handshake Authentication Protocol (CHAP)
A stronger authentication protocol to establish a connection. When used with RADIUS for authentication, the messages exchanged between the client and server to establish a PPP connection are similar to those in Figure 1-2. One difference, however, is that a challenge occurs between the user and NAS before the NAS sends an Access-Request. The user must respond by encrypting the challenge (usually a random number) and returning the result. Authorized users are equipped with special devices, like smart cards or software, which can calculate the correct response. The NAS will then forward the challenge and the response in the Access-Request, which the AAA server will use to authenticate the user.
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
An implementation of the CHAP protocol that Microsoft created to authenticate remote Windows workstations. In most respects, MS-CHAP is identical to CHAP, but there are some differences. MS-CHAP is based on the encryption and hashing algorithms used by Windows networks, and the MS-CHAP response to a challenge is in a format optimized for compatibility with Windows operating systems.
Extensible Authentication Protocol (EAP)
Like CHAP, EAP is a more secure authentication protocol to establish a PPP connection than PAP and offers more flexibility to handle authentication requests with different encryption algorithms. It allows authentication by encapsulating various types of authentication exchanges, such as MD5. These EAP messages can be encapsulated in the packets of other protocols, such as RADIUS, for compatibility with a wide range of authentication mechanisms. This flexibility also allows EAP to be implemented in a way (LEAP, for example) that is more suitable for wireless and mobile environments than other authentication protocols. EAP allows authentication to take place directly between the user and server without the intervention by the access device that occurs with CHAP.
The following is a list of the EAP authentication methods supported by the HP-UX AAA Server A.06.01:
Transport Layer Security (TLS): Uses TLS (also known as SSL) to authenticate the client using its digital certificate. Note: some wireless supplicants require specific extensions to support certificates for EAP. TLS features include: Dynamic Key Exchange; Mutual Authentication; Digital Certificate/Token Card-based Authentication; and, Encrypted Tunnelling.
Tunneled TLS (TTLS): Can carry additional EAP or legacy authentication methods like PAP, MS-CHAP, and CHAP. Integrates with the widest variety of password storage formats and existing password-based authentication systems. Wireless supplicants available for a large number of clients. TTLS features include: Dynamic Key Exchange; Mutual Authentication; Password-based Authentication; and, Encrypted Tunnelling.
Protected EAP (PEAP): Functionally very similar to TTLS, but does not encapsulate legacy authentication methods. PEAP features include: Dynamic Key Exchange; Mutual Authentication; and, Encrypted Tunnelling.
Message Digest 5 (MD5): Passwords are hashed using the MD5 algorithm. Can be deployed for protecting access to LAN switches where the authentication traffic will not be transmitted over airwaves. Can also be safely deployed for wireless authentication inside EAP tunnel methods. The main feature in MD5 is Password-based Authentication.
Lightweight EAP (LEAP): For Legacy Cisco equipment only. LEAP features include: Dynamic Key Exchange; Mutual Authentication; and, Password-based Authentication.
Generic Token Card (GTC): Carries user specific token cards for authentication. The main feature in GTC is Digital Certificate/Token Card-based Authentication.
EAP MS-CHAP: Passwords are hashed using a Microsoft algorithm. Can be deployed for protecting access to LAN switches where the authentication traffic will not be transmitted over airwaves. Can also be safely deployed for wireless authentication inside EAP tunnel methods. EAP-MSCHAP features include Mutual Authentication and Password-based Authentication.
RADIUS Data Packets
The Access-Request and other RADIUS data packets contain a header and a set of attribute-value (A-V) pairs, which are used by the server during the AAA transaction. The RADIUS RFC, RFC 2865, defines how vendors can extend the protocol. Encapsulation is the RFC-defined way of extending RADIUS. Conflicts can occur when the RFC is not followed. In those cases, the server can map the attributes to unique internal values for processing. For a full description of RADIUS attribute-value pairs, see the Administrator’s Guide.
Shared Secret
Encrypting the transmission of the User-Password in a request is accomplished by a shared secret. The shared secret is used to sign RADIUS data packets to ensure they are coming from a trusted source. The shared secret is also used to encrypt user passwords with certain authentication methods such as PAP. The HP-UX AAA Server uses the clients configuration file to associate a secret to each client (or server) that is authorized to make use of its services.
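The packet layout described under RADIUS Data Packets and the two uses of the shared secret described here (hiding the PAP User-Password and authenticating the server's reply) worked through in Python, as an added example that is not code from the HP-UX AAA Server. It follows the RFC 2865 rules for a minimal Access-Request/Access-Accept exchange like the one in Figure 1-2; the user profile, secret, identifier and attribute set are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Packet codes and attribute types from RFC 2865 (the numeric values are the RFC's).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 User-Password hiding: NUL-pad to a multiple of 16 (at least 16), then
    XOR each block with MD5(secret + previous block), seeded by the Request Authenticator."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; only a party holding the shared secret can do this."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")  # drop the NUL padding

def encode_attrs(attrs) -> bytes:
    """A-V pairs are TLVs: 1-byte Type, 1-byte Length (including these two bytes), Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute Length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs

def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    """Header is Code(1) Identifier(1) Length(2) Authenticator(16), then the A-V pairs."""
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(pkt: bytes):
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("bad Length field")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:length])

def response_authenticator(code, ident, request_auth, attrs, secret) -> bytes:
    """The reply is 'signed' as MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    body = encode_attrs(attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()

def verify_response(resp: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS-side check that a reply came from the server holding the shared secret."""
    code, ident, auth, attrs = parse_packet(resp)
    expected = response_authenticator(code, ident, request_auth, attrs, secret)
    return hmac.compare_digest(auth, expected)

def run_exchange(secret: bytes, user_profiles: dict, username: bytes, password: bytes):
    """The Access-Request / Access-Accept (or Access-Reject) exchange of Figure 1-2 for
    PAP, with both sides simulated in-process. Returns (reply code, reply verified by NAS)."""
    request_auth = os.urandom(16)  # NAS picks a fresh, unpredictable Request Authenticator
    req = build_packet(ACCESS_REQUEST, 7, request_auth, [(USER_NAME, username),
                       (USER_PASSWORD, hide_password(password, secret, request_auth))])
    # Server side: parse, recover the password, and match it against the user profile.
    code, ident, rauth, attrs = parse_packet(req)
    got = dict(attrs)
    ok = (code == ACCESS_REQUEST and USER_PASSWORD in got
          and got.get(USER_NAME) in user_profiles
          and hmac.compare_digest(reveal_password(got[USER_PASSWORD], secret, rauth),
                                  user_profiles[got[USER_NAME]]))
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply = build_packet(reply_code, ident,
                         response_authenticator(reply_code, ident, rauth, [], secret), [])
    # NAS side: act on the reply only if its Response Authenticator checks out.
    return reply_code, verify_response(reply, request_auth, secret)
```

The MD5-based hiding is the RFC's scheme rather than strong encryption, which is why the text above rates PAP as weak and why the clients file entries holding each secret must stay private.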
Product Structure
The HP-UX AAA Server, based on a client/server architecture, consists of the following components which may be installed independently:
HP-UX AAA Server daemon, libraries, and utilities
The AAA Server Manager is the user interface that performs administration and configuration tasks from a client’s browser for one or more AAA servers.
AAA Server module for Oracle authentication
Documentation
The exchange of configuration information between a remote AAA server and the AAA Server Manager program is validated by a shared secret. This secret is unique to the Server Manager and a remote AAA server. It should not be the same secret used by a AAA server and the peers that it communicates with. The exchange of information between a browser and the client program is not validated or encrypted by default, although you can configure HTTPS to secure this communication. Refer to the HP-UX AAA Server Administrator’s Guide for more information about configuring Server Manager to run over HTTPS.
NOTE To secure the communication between the Server Manager and the HP-UX AAA Server, install the Server Manager and the HP-UX AAA Server software inside a secure network.
AAA Servers
AAA server installations include the AAA server, which performs the authentication, authorization, and accounting functions to process requests, and RMI objects. The RMI objects establish a connection and facilitate communication between the AAA server and the HP-UX Tomcat-based Servlet Engine.
AAA Server Manager Program
The AAA Server Manager utilizes the HP-UX Tomcat-based Servlet Engine to provide a configuration interface between a web browser and one or more AAA servers. Server Manager is used for starting, stopping, configuring, and modifying the servers. In addition, the program can retrieve logged server sessions and accounting information for an administrator.
The 802.1x Advisor
The 802.1x Advisor is an HTML tutorial/help system in the Server Manager GUI that walks you through the tasks and Server Manager screens for securing WLANs with the HP-UX AAA Server. The 802.1x Advisor provides information only—it does not edit configuration files. Follow the 802.1x Advisor and use Server Manager to create and deploy basic AAA configurations for securing WLANs. Refer to the HP-UX AAA Server Administrator’s Guide for complete HP-UX AAA Server documentation. The following figure shows the 802.1x Advisor.
Figure 1-3 The 802.1x Advisor For Securing WLANs
Accessing the Server Manager
The Server Manager provides access to the AAA server management functions and configuration files. From a remote client workstation, administrators can access the AAA Server Manager interface through a Web browser. An administrator can create a AAA configuration for authenticating users and implementing authorization policies. In addition to creating, modifying, and deleting entries in many of the server’s configuration files, an administrator may start and stop the AAA server, access the server’s status and system time, retrieve information from accounting and session logs, and terminate sessions. You can access the functions that perform these operations by selecting an item from the Navigation Tree located in the left frame of the HTML page.
Figure 1-4 The Server Manager User Interface
Some advanced features of the HP-UX AAA Server cannot be configured through the Server Manager interface. For example, if you want to define session management parameters, policies, or vendor-specific attributes, you must manually edit the configuration files. Refer to the HP-UX AAA Server Administrator’s Guide for more information.
IMPORTANT Refer to the HP-UX AAA Server Release Notes for the supported browsers for each version of the product.
NOTE The browser preferences or Internet options should be set to always compare loaded pages to cached pages.
AAA Server Architecture
The HP-UX AAA Server Architecture consists of three primary components:
Configuration files. By editing these flat text files, with either the Server Manager user interface or a text editor, you can provide the information necessary for the server to perform authentication, authorization, and accounting requests for configured users.
AATV plug-ins, which perform discrete actions, such as initiating an authentication request, replying to an authentication request, or logging an accounting record.
The software engine, which includes the Finite State Machine (FSM) and some associated routines. At server startup, the finite state machine reads instructions from a state table—by default the /etc/opt/aaa/radius.fsm text file. The state table outlines what AATV actions to call and in what order to call them.
When the server is initialized, it performs a few distinct operations. It loads and initializes the AATV plug-ins, so that actions can be executed when called by the finite state machine. It also reads the configuration files to initialize the data required for the actions to execute according to the application’s requirements.
Configuration Files
The HP-UX AAA Server reads data from the following configuration files installed at /etc/opt/aaa/ by default:
Table 1-1 HP-UX AAA Server Configuration Files

File       Description
clients    Information about all RADIUS clients—name, address, shared secret, type, etc.—that allows the server to recognize and communicate with the clients.
authfile   Authentication type parameters for defined realms.
users      Information about user IDs, passwords, and check/deny/reply items.