Contact Us Contact Us

HP-UX AAA Server (RADIUS)

  Software Depot
Electronic download
Frequently asked questions
Product details and specifications
Select
Overview

NOTE: Effective March 1st, 2019, sustaining R&D engineering support will no longer be available for AAA Server on HP-UX. HPE will continue to offer technical support without sustaining engineering.

The HP-UX AAA Server utilizes the industry standard Remote Authentication Dial-In User Service (RADIUS) protocol and Extensible Authentication Protocol (EAP) to provide standards-based user authentication, authorization, and accounting services to network devices and software applications.

The HP-UX AAA Server can be utilized for securing wired and wireless LAN access, provide authentication and accounting for Virtual Private Network (VPN) gateways, firewalls and other network devices, and to enhance the security of RADIUS-enabled software applications in Enterprise and Service Provider environments.

What's New for Version A.08.02.10

HP-UX AAA Server A.08.02.10 includes the following new feature- HP-UX AAA Server version A.08.02.10 supports Java 6.0 on HP-UX 11i v3 :

Some defect fixes are also included in HP-UX AAA Server A.08.02.10. For more information, see HP-UX AAA Server A.08.02.10 Release Notes .

Other features in Version A.08.02.10 and A.08.01

HP-UX AAA Server A.08.02.10 and HP-UX AAA Server A.08.01 deliver the following features and benefits:

  • EAP-MS-CHAP v2 for OTP Authentication: EAP-MS-CHAP v2 module supports Open Authentication (OATH) standards-based One-Time Password (OTP) authentication.
  • Common Logfile: Supports having Common Logfile for multiple instances of HP-UX AAA servers on a single host.
  • Log Level Filters: Enables the customers to control the amount of information logged in the HP-UX AAA server log file. Logging can be controlled by configuring filters based on the RADIUS message type.
  • Arithmetic Expression: Supports arithmetic expressions such as addition, subtraction, negation, multiplication, and integer division in policy files.
  • String Concatenation:: Supports string concatenation in policy files.
  • Dynamic Authorization:: Enables the HP-UX AAA Server to act as a client to send RADIUS server-initiated Disconnect and Change-of-Authorization (CoA) message s and assimilate responses as specified in RFC 5176.
  • EAP-SIM and EAP-AKA authentication methods: : Supports Extensible Authentication Protocol (EAP) for authentication and session key distribution using Global S ystem for Mobile Communications (GSM) Subscriber Identity Module (SIM) as specified in RFC 4186 and using Universal Mobile Telecommunications System (UMTS) Authentication Key Ag reement (AKA) as specified in RFC 4187 in 3GPP network environment.
  • Scalability and High Availability: : Supports running and managing a group of multiple HP-UX AAA Servers on a single host to process multiple RADIUS requests simultaneously to offer scalability and better performance. This feature also supports running and managing a group of multiple HP-UX AAA servers on different hosts to offer hig h availability.
  • MS-CHAPv2 for OTP Authentication:MS-CHAPv2 module supports Open Authentication (OATH) standards-based One-Time Password (OTP) authentication.

Features available in Version A.08.02.10, A.08.01 and A.07.01

HP-UX AAA Server A.08.02.10, HP-UX AAA Server A.08.01 and HP-UX AAA Server A.07.01 deliver the following features and benefits:

  • OATH standards-based OTP and two-factor authentication: Provides OATH standards-based OTP authentication for additional security to protect networks from phishing attacks, unauthorized network access, and identity theft. The OATH standards-based OTP authentication solution uses the HMAC-based One-Time Password (HOTP) algorithm to generate an OTP, using a secret key and a sequence counter. OATH standards-based OTP authentication in the HP-UX AAA Server can be customized easily to suit various deployment scenarios. Typically, OTP is used to provide two-factor authentication.
  • Web-based User and Token Management Tool: Provides a customizable web interface that can be used to manage user and token information stored in an SQL database.
  • HP-UX AAA Server SDK: Server Plug-in Software Developer's Kit for customizing and extending the features of the HP-UX AAA Server. The Server SDK is now included with the HP-UX AAA Server product.
  • Advanced Policy Engine: Updated policy engine provides extended syntax for complex policy actions to manipulate RADIUS requests and replies based on attribute content. This feature includes substring manipulation.
  • Common Database Interface: Supports HP-UX AAA Server interaction with databases via the SQL Access AATV and database client connector libraries for supported databases.
  • EAP Support for securing wireless LANs (WLAN): Supports EAP for 802.1x port-based authentication, including PEAP, TTLS, TLS, GTC/OTP, MS-CHAP v2, and MD5.
  • Multi-Server Session Management: Supports user, group, or custom limits on concurrent logins to limit simultaneous sessions. Customizable shared session management for multiple AAA servers is supported via the SQL Access feature.
  • IP Address Management: DHCP interface for centralized administration of IP Address assignment.
  • IPv6 Support: Supports RADIUS IPv6 attributes with HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 operating systems. This feature also supports RADIUS communication over IPv6 transports with HP-UX 11i v2 and HP-UX 11i v3 operating systems.
  • SNMP Support: Effectively integrate and manage HP-UX AAA Servers with SNMP compliant network management tools.
  • LDAP Integration: Supports user profile storage and authentication using LDAP Version 3 compliant directories.
  • Web-based Administration: Enables management and configuration of multiple HP-UX AAA Servers sharing a common configuration set.
  • Secure LAN Advisor: Utility inside the Server Manager administration tool to help plan, configure, and deploy authenticated LAN access via 802.1x and EAP.
  • Robust RADIUS Proxy Capabilities: Forwards authentication and accounting requests to other RADIUS servers by DNS, realm, or custom criteria with configurable retry and time-out periods.
  • Multi-vendor RADIUS Client Support: Includes pre-defined attribute mappings for leading network access vendors and a customizable vendor dictionary to support a wide range of RADIUS clients.
  • Flexible and Customized Session Logging: Customize session logs to capture the desired volume of session and accounting information. Session logging formats for Merit (default) and Livingston CDR Standard are included. Logging directly to the database, including shared accounting for multiple AAA servers is also supported via the SQL Access feature.
  • IETF RADIUS RFC Standards: Supports the following IETF RFCs:

RFC #

RFC Title

2284

PPP Extensible Authentication Protocol (EAP)

2619

RADIUS Authentication Server MIB

2621

RADIUS Accounting Server MIB

2716

PPP EAP-TLS Authentication Protocol

2865

Remote Authentication Dial In User Service (RADIUS)

2866

RADIUS Accounting

2867

RADIUS Accounting Modifications for Tunnel Protocol Support

2868

RADIUS Attributes for Tunnel Protocol Support

2869

RADIUS Extensions (Message-Authenticator)

3162

RADIUS and IPv6

4186

EAP Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)

4187

EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)

4226

HOTP: An HMAC-Based One-Time Password Algorithm

4672

RADIUS Dynamic Authorization Client MIB

5176

Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)

The following table lists the availability of HP-UX AAA Server on HP-UX 11i operating systems:

Version of HP-UX AAA Server depot

Contents Summary

Operating System

HP-UX AAA Server A.07.01

32-bit PA binaries and libraries

HP-UX 11i v1

HP-UX AAA Server A.08.01

32-bit IA/PA binaries and libraries

HP-UX 11i v2

HP-UX AAA Server A.08.02.10

32-bit IA/PA binaries and libraries

HP-UX 11i v3

 

Related Product Documentation

Refer to the following documents for additional information about the HP-UX AAA Server A.08.02.10, A.08.01 and HP-UX AAA Server A.07.01:

    • HP-UX AAA Server A.08.02.10 Release Notes
    • HP-UX AAA Server A.08.02.10 Administrator's Guide
    • HP-UX AAA Server A.08.01 Release Notes
    • HP-UX AAA Server A.08.01 Administrator's Guide
    • HP-UX AAA Server A.07.01 Release Notes
    • HP-UX AAA Server A.07.01 Administrator's Guide
    • White papers and product usage guides

The Release Notes contain the most recent release information, including the product installation requirements, compatibility, and certified clients for the latest version of the HP-UX AAA Server. You can find the HP-UX AAA Server Documentation on the HPE Technical Documentation web site.

The following documentation is installed with the HP-UX AAA Server:

Document

Location

Text version of README

/opt/aaa/README

Administrator's Guide

/opt/aaa/share/doc/admin.pdf *

Manpages

/opt/aaa/share/man

Secure LAN Advisor Help System

Server Manager administration utility

 

*Administrator's Guide may also be accessed via the Server Manager administration utility.

 
Additional product information
Product #: HPUX-AAAServer     
Additional info
Version: A.08.01, A.07.01, A.08.02.10
Software specification: A.08.02.10 for HP-UX 11i v3 (HPUX-AAAServer_A.08.02.10_HP-UX_B.11.31_IA_PA.depot)
A.08.01 for HP-UX 11i v2 (HPUX-AAAServer_A.08.01.00_HP-UX_B.11.23_IA_PA.depot)
A.07.01 for HP-UX 11i v1 (HPUX-AAAServer_A.07.01_HP-UX_B.11.11_32_64.depot)
Installation
Select