HP T1428-90026 User Manual

HP-UX AAA Server A.06.00

Getting Started Guide

HP-UX 11.0, 11i v1

Manufacturing Part Number: T1428-90026

E0403

U.S.A.

Legal Notices

The information in this document is subject to change without notice.Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and ﬁtness for a particular purpose. Hewlett-Packard shall not

be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.

Warranty. A copy of the speciﬁc warranty terms applicable to your Hewlett- Packard product and replacement parts can be obtained from your local Sales and Service Ofﬁce.

Restricted Rights Legend. Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR

52.227-19 for other agencies.

HEWLETT-PACKARD COMPANY 3000 Hanover Street Palo Alto, California 94304 U.S.A.

Use of this manual and ﬂexible disk(s) or tape cartridge(s) supplied for this pack is restricted to this product only.

Trademark Notices. UNIX is a registered trademark of The Open Group. MC/ServiceGuard® is a registered trademark of Hewlett-Packard Company. ProLDAP™ is a trademark of Interlink Networks, Inc. Microsoft is a U.S. registered trademark of Microsoft Corporation.

prohibited, except as allowed under the copyright laws. Parts of this document originally published by Interlink Networks.

2003 Interlink Networks, Inc. All Rights Reserved. This document is copyrighted by Interlink Networks Incorporated (Interlink Networks). The information contained within this document is subject to change without notice. Interlink Networks does not guarantee the accuracy of the information.

Interlink Networks, Inc. 5405 Data Court, Suite 300 Ann Arbor, MI 48108 www.interlinknetworks.com

Contents

About This Document

1. Introduction to AAA Server

RADIUS Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

RADIUS Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Establishing a RADIUS Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Supported Authentication Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

RADIUS Data Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Shared Secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Product Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

AAA Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

AAA Server Manager Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Accessing the Server Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

AAA Server Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Conﬁguration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

AATV Plug-Ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

The Software Engine: Finite State Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

HP-UX AAA Server Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Authentication Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Authorization Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Accounting Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Admin and Debug Tools/Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2. Installation

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

NAS Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

LAN Access Device Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Obtaining the HP-UX AAA Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Product Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Installation and Start-Up Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Installation and Start-Up Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Running Server Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Starting and Stopping the RMI Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Starting and Stopping Server Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Changing Server Manager User Name and Password . . . . . . . . . . . . . . . . . . . . . . . 27

UnInstalling the HP-UX AAA Server Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Installation Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

iii

Contents

Commands, Utilities, & Daemons. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Testing the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3. Basic Conﬁguration Tasks

Storing User Proﬁles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Storing User Proﬁles in the Default Users File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Storing Wireless User Proﬁles Locally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Grouping Users by Realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Adding and Modifying Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Session Logging and Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Viewing User Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Viewing Server Logﬁles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Viewing Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

4. Glossary of Terms

About This Document

This document provides an overview of the HP-UX AAA Server product and explains how to install it. The document also provides basic conﬁguration steps to beginning tasks.

The document printing date and part number indicate the document’s current edition. The printing date and part number will change when a new edition is printed. Minor changes may be made at reprint without changing the printing date. The document part number will change when extensive changes are made.

Document updates may be issued between editions to correct errors or document product changes. To ensure that you receive the updated or new editions, you should subscribe to the appropriate product support service. See your HP sales representative for details.

The latest version of this document can be found at http://docs.hp.com on the Internet and Security Solutions page.

Intended Audience

This Getting Started Guide is designed for ﬁrst-time and beginning users of the HP-UX AAA Server. Its objective is to allow you to quickly familiarize yourself with the basic functions of the product. Users should be familiar with the HP-UX operating system before using this guide.

New and Changed Documentation in This Edition

• The new product dependency is documented in this guide. The HP-UX AAA Server now uses the HP-UX Tomcat-Based Serverlet Engine component, as opposed to previously using the entire HP-UX Apache Web Server product. The product number for the HP-UX Tomcat-Based Serverlet Engine component is HPUXWST100001. Download the HP-UX Tomcat-Based Serverlet Engine at http://software.hp.com. See “Product Dependencies” for more information.

• New steps for starting the Server Manager GUI. See “Installation and Start-Up Procedure” for more information.

• “About This Document” content was removed from Chapter 1 in the previous version of this guide, and now resides in the preface of this guide.

Publishing History

The following table shows the printing history of this document. The ﬁrst entry in the table corresponds to this document, while previous releases are listed in descending order.

Table 1 Getting Started Guide Printing History

Document

Part

Number

T1428-90026 0403 A.06.00.08 HP-UX 11.00, 11i v1 T1428-90015 0203 A.06.00.07 HP-UX 11.00, 11i v1 T1428-90002 0602 A.05.01.01 HP-UX 11.00, 11i v1

Document Release Date (month/year)

Supports Software

Version

Supported OS

What’s in This Document

• Chapter 1, Introduction to AAA Server, contains an overview of product features and basic information about using the server and using it in AAA applications.

• Chapter 2, Installation, leads you through server installation, testing the installation, and starting the Server Manager GUI.

• Chapter 3, Basic Conﬁguration Tasks, contains procedures that lead you through basic conﬁguration and testing tasks.

Typographical Conventions

monospace Identiﬁes ﬁles, daemons, or any other item that may

appear on screen

italics Identiﬁes titles of books, chapters, or sections

Document Advisories Different types of notes appear in the text to call your attention to information of special importance. They are enclosed in ruling lines with a header that indicates the type of note and its urgency.

NOTE Emphasizes or supplements parts of the text. You can disregard the

information in a note and still complete a task.

IMPORTANT Notes that provide information that are essential to completing a task.

CAUTION Describes an action that must be avoided or followed to prevent a loss of

data.

1 Introduction to AAA Server

This chapter contains an overview of product features and basic information about using the HP-UX AAA Server.

Chapter 1 1

Introduction to AAA Server

RADIUS Overview

The Remote Authentication Dial In User Service (RADIUS) protocol is widely used and implemented to manage access to network services. It deﬁnes a standard for information exchange between a Network Access Server (NAS) and an authentication, authorization, and accounting (AAA) server for performing authentication, authorization, and accounting operations. A RADIUS AAA server can manage user proﬁles for authentication (verifying user name and password), conﬁguration information that speciﬁes the type of service to deliver, and policies to enforce that may restrict user access.

RADIUS Topology

The RADIUS protocol follows client-server architecture. The client sends user information to the RADIUS AAA server (in an Access-Request message) and after receiving a reply from the server acts according to the returned information. The RADIUS AAA server receives user requests for access from the client, attempts to authenticate the user, and returns the conﬁguration information and polices to the client. The RADIUS AAA server may be conﬁgured to authenticate an Access-Request locally or to act as a proxy client and forward a request to another AAA server. After forwarding a request, it handles the message exchanges between the NAS and the remote server. A single server can be conﬁgured to handle some requests locally and to forward proxy requests to remote servers.

In Figure 1-1 on page 3 an example ISP uses four AAA servers to handle user requests. Each user organization represents a logical grouping of users (deﬁned as a realm). Each user organization dials in to one of the ISP’s servers through an assigned NAS, some of which are shared by the same groups or realm. To provide appropriate service to a customer, the server accesses user and policy information from a repository, which may be integrated with the server, may be an external application, or a database that interfaces with the server. For the HP-UX AAA RADIUS and policy server the repository information may be stored in ﬂat text ﬁles or in an external database, such as an Oracle® database or LDAP directory server.

Chapter 12

Figure 1-1 Generic AAA Network Topology

A forwarding server sends proxied Access-Requests to a remote server

AAA servers and NASs Users dial-in exchange requests/replies to a NAS

AAA1.ISP.net location: Ann Arbor

NAS1

Introduction to AAA Server

RADIUS Overview

A User

Organization

Repository

AAA4.ISP.net location: Detroit

Repository

AAA2.ISP.net location: Flint

AAA3.ISP.net location: Kalamazoo

NAS2

NAS3

NAS4

B User

Organization

C User

Organization

D User

Organization

E User

Organization

F User

Organization

Chapter 1 3

Introduction to AAA Server

RADIUS Overview

Establishing a RADIUS Session

The handling of a user request is series of message exchanges that attempts to provide the user with a network service by establishing a session for the user. This transaction can be described as a series of actions that exchange data packets containing information related to the request. Figure 1-2, Client-Server RADIUS Transaction, illustrates the details of the transaction between a RADIUS AAA server and a client (a NAS in this example). When the user’s workstation connects to the client, the client sends an Access-Request RADIUS data packet to the AAA server.

Figure 1-2 Client-Server RADIUS Transaction

User

User Connects

Client

(NAS)

Access-Request

Access-Reject

AAA Server

User Disconnects

Accounting-Request (Start)

Session Starts

Session Ends User Disconnected

When the server receives the request, it validates the sending client. If the client is permitted to send requests to the server, the server will then take information from the Access-Request and attempt to match the request to a user proﬁle. The proﬁle will contain a list of requirements that must be met to successfully authenticate the user. Authentication usually includes veriﬁcation of a password, but can also specify other information, such as the port number of the client or the service type that has been requested, that must be veriﬁed.

Or Access-Accept

Accounting-Response

Accounting-Request (Stop)

Accounting-Response

Chapter 14

Introduction to AAA Server

RADIUS Overview

If all conditions are met, the server will send an Access-Accept packet to the client; otherwise, the server will send an Access-Reject. An Access-Accept data packet often includes authorization information that speciﬁes what services the user can access and other session information, such as a timeout value that will indicate when the user should be disconnected from the system.

When the client receives an Access-Accept packet, it will generate an Accounting-Request to start the session and send the request to the server. The Accounting-Request data packet describes the type of service being delivered and the user that will use the service. The server will respond with an Accounting-Response to acknowledge that the request was successfully received and recorded. The user’s session will end when the client generates an Accounting-Request—triggered by the user, by the client, or an interruption in service—to stop the session. Again, the server will acknowledge the Accounting-Request with an Accounting-Response.

Supported Authentication Methods

The following list describes the authentication methods the HP-UX AAA Server supports:

• Password Authentication Protocol (PAP) is not a strong authentication method to establish a connection; passwords are sent in clear text between the user and client. When used with RADIUS for authentication, the messages exchanged between the client and server to establish a PPP connection corresponds to Figure 1-2. This authentication method is most appropriately used where a plaintext password must be available to simulate a login at a remote host. In such use, this method provides a similar level of security to the usual user login at the remote host.

• Challenge-Handshake Authentication Protocol (CHAP) is a stronger authentication protocol to establish a connection. When used with RADIUS for authentication, the messages exchanged between the client and server to establish a PPP connection is similar to Figure 1-2. One difference, however, is that a challenge occurs between the user and NAS before the NAS sends an Access-Request. The user must respond by encrypting the challenge (usually a random number) and returning the result. Authorized users are equipped with special devices, like smart cards or software,

Chapter 1 5

Introduction to AAA Server

RADIUS Overview

which can calculate the correct response. The NAS will then forward the challenge and the response in the Access-Request, which the AAA server will use to authenticate the user.

• Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is an implementation of the CHAP protocol that Microsoft created to authenticate remote Windows workstations. In most respects, MS-CHAP is identical to CHAP, but there are some differences. MS-CHAP is based on the encryption and hashing algorithms used by Windows networks, and the MS-CHAP response to a challenge is in a format optimized for compatibility with Windows operating systems.

• Extensible Authentication Protocol (EAP) Like CHAP, EAP is a more secure authentication protocol to establish a PPP connection than PAP and offers more ﬂexibility to handle authentication requests with different encryption algorithms. It allows authentication by encapsulating various types of authentication exchanges, such as MD5. These EAP messages can be encapsulated in the packets of other protocols, such as RADIUS, for compatibility with a wide range of authentication mechanisms.Thisﬂexibility also allows EAP to be implemented in a way (LEAP, for example) that is more suitable for wireless and mobile environments than other authentication protocols. EAP allows authentication to take place directly between the user and server without the intervention by the access device that occurs with CHAP.

NOTE EAP/TLS and EAP/TTLS functionality is not supported in the

HP-UX AAA Server A.06.00.

RADIUS Data Packets

The Access-Request and other RADIUS data packets contain a header and a set of attribute-value (A-V) pairs, which are used by the server during the AAA transaction. The RADIUS RFC 2865 deﬁnes how vendors can extend the protocol. Encapsulation is the RFC deﬁned way of extending RADIUS. Conﬂicts can occur when the RFC is not followed. In those cases, the server can map the attributes to unique internal values for processing. For a full description of RADIUS attribute-value pairs, see the Administrator’s Guide.

Chapter 16

Introduction to AAA Server

RADIUS Overview

Shared Secret

Encrypting the transmission of the User-Password in a request is accomplished by a shared secret. The shared secret is used to sign RADIUS data packets to ensure they are coming from a trusted source. The shared secret is also used to encrypt user passwords with certain authentication methods such as PAP. The HP-UX AAA Server uses the clients conﬁguration ﬁle to associate a secret to each client (or server) that is authorized to make use of its services.

Chapter 1 7

Introduction to AAA Server

Product Structure

The HP-UX AAA Server, based on a client/server architecture, consists of three components which may be installed independently:

• HP-UX AAA Server daemon, libraries, and utilities

• The AAA Server Manager is a program that performs administration and conﬁguration tasks from a client’s browser for one or more AAA servers.

• AAA Server module for Oracle authentication

• Documentation

The exchange of conﬁguration information between a remote AAA server and the AAA Server Manager program is validated by a shared secret. This secret is unique to the Server Manager and a remote AAA server.It should not be the same secret used by a AAA server and the peers that it communicates with. The exchange of information between a browser and the client program is not validated or encrypted by default, although you can conﬁgure HTTPS to secure this communication. Refer to the HP-UX AAA Server Administration and Authentication Guide for more information about conﬁguring Server Manager to run over HTTPS.

NOTE To secure the communication between the Server Manager and the

HP-UX AAA Server, install the Server Manager and the HP-UX AAA Server software inside a secure network.

AAA Servers

AAA server installations include the AAA server, which performs the authentication, authorization, and accounting functions to process requests, and RMI objects. The RMI objects establish a connection and facilitate communication between the AAA server and the HP-UX Tomcat-based Serverlet Engine.

Chapter 18

Introduction to AAA Server

Product Structure

AAA Server Manager Program

The AAA Server Manager utilizes the HP-UX Tomcat-based Serverlet Engine to provide a conﬁguration interface between a web browser and one or more AAA servers. Server Manager is used for starting, stopping, conﬁguring, and modifying the servers. In addition, the program can retrieve logged server sessions and accounting information for an administrator.

Accessing the Server Manager

The Server Manager provides access to the AAA server management functions and conﬁguration ﬁles. From a remote client workstation, administrators can access the AAA Server Manager interface through a Web browser. An administrator can create a AAA conﬁguration for authenticating users and implementing authorization policies. In addition to creating, modifying, and deleting entries in many of the server’s conﬁguration ﬁles,an administrator may start and stop the AAA server, access the server’s status and system time, retrieve information from accounting and session logs, and terminate sessions. You can access the functions that perform these operations by selecting an item from the Navigation Tree located in the left frame of the HTML page.

NOTE Some advanced features of the HP-UX AAA Server cannot be conﬁgured

through the Server Manager interface. Forexample,ifyouwanttodeﬁne policy or vendor-speciﬁc attributes, you must manually edit the conﬁguration ﬁles. Refer to the HP-UX AAA Server Administration and Authentication Guide for more information.

Chapter 1 9

Introduction to AAA Server

Product Structure

Figure 1-3 The Server Manager User Interface

Browser Requirements for Server Manager

You need one of the following Web browsers to access the Server Manager:

• Netscape® Navigator 4.76 (or higher)

• Microsoft® Internet Explorer 5.0.5 (or higher)

The browser preferences or Internet options should be set to always compare loaded pages to cached pages. HP recommends these versions

because of known problems in earlier versions.

Chapter 110

Introduction to AAA Server

AAA Server Architecture

The HP-UX AAA Server Architecture consists of three primary components:

• Conﬁguration ﬁles. By editing these ﬂat text ﬁles, with either the Server Manager user interface or with a text editor, you can provide the information necessary for the server to perform authentication, authorization, and accounting requests for your system.

• AATV plug-ins perform discrete actions; such as initiating an authentication request, replying to an authentication request, or logging an accounting record.

• The software engine, which includes the Finite State Machine (FSM) and some associated routines. At server startup, the ﬁnite state machine reads instructions from a state table—by default the /etc/opt/aaa/radius.fsm text ﬁle. The state table outlines what AATV actions to call and what order to call them in.

When the server is initialized, it performs a few distinct operations. It loads and initializes the AATV plug-ins, so that actions can be executed when called by the ﬁnite state machine. It also reads the conﬁguration ﬁles to initialize the data required for the actions to execute according to the application’s requirements.

Conﬁguration Files

The HP-UX AAA Server reads data from the following conﬁguration ﬁles installed at /etc/opt/aaa/ by default:

Table 1-1 HP-UX AAA Server Conﬁguration Files

File Description

clients Information about all RADIUS clients—name,

address, shared secret, type, etc.—that allows the server to recognize and communicate with the clients.

authfile Authentication typeparametersfordeﬁned realms.

Chapter 1 11

Introduction to AAA Server

AAA Server Architecture

Table 1-1 HP-UX AAA Server Conﬁguration Files

File Description

users Information about user IDs, passwords, and

check/deny/reply items.

realm The same information as the users ﬁle, but this

user information is associated with a particular realm. These ﬁles are only necessary to perform File type authentication for a deﬁned realm. Realms are recognized by the realm component of the user’s Network Access Identiﬁer, for example: user@realm.com.

NOTE: This is a user generated ﬁle, it does not ship with the product.

decision Policy information for user authorization and

session control based on any logical group that can be deﬁned with A-V pairs.

NOTE: This is a user generated ﬁle, it does not ship with the product.

las.conf Deﬁnes services for session control based on

realms.

vendors Optional entries for vendor-speciﬁc behavior. dictionary Deﬁnes all attributes and values that may be used

to build attribute-value (A-V) pairs that will be recognizable by the server. These A-V pairs contain information about requests and responses.This ﬁle also contains deﬁnitions for all the authentication

types that the server recognizes. log.config Speciﬁes the predeﬁned session log formats to use. aaa.conﬁg Calls engine.config. iaaaAgent.conf Speciﬁes how often the AAA server’s SNMP

subagent will check to see if a master agent is

active.

Chapter 112

Introduction to AAA Server

AAA Server Architecture

Table 1-1 HP-UX AAA Server Conﬁguration Files

File Description

EAP.authfile Used to conﬁgure EAP authentication for user

proﬁles. db_srv.opt The conﬁguration script for the db_srv

environment variables. engine.config Called by aaa.conf, this ﬁle stores most of the

AAA server properties.

You can ﬁnd out more information about these ﬁles by referring to the HP-UX AAA Server Administration and Authentication Guide. Each conﬁguration ﬁle also contains comments with examples.

AATV Plug-Ins

Deﬁne actions to perform functions, such as authenticating requests, authorizing,and logging. Built-in actions support authentication of users from information in different storage methods.

The Software Engine: Finite State Machine

In the Finite State Machine, a request will transition through a series of states, starting with a state that includes possible starting events. The ﬁrst action speciﬁed to be called in response to an initial authentication request would return a value, an event that determines the next state to transition to. Within each state, the next action is triggered by an event (based on previous state and action and a value, typically ACK or NAK, returned by the previous action), which in turn directs the ﬂow of the request to another state, until an End state is reached.

Chapter 1 13

+ 49 hidden pages