Introduction to AAA Server
HP-UX AAA Server Features
Chapter 1 15
• Authentication of users defined in a /etc/passwd file
• Authentication using multiple sets of user definition and realm
definition files (users and authfile files) keyed by network access
server (NAS)
• Supports multiple user definition (realm) files keyed by realm (File
type authentication)
• Authentication of users defined in an LDAP server (ProLDAP™ type
authentication), including support of {clear} indicator for clear text
passwords
• Authentication of users defined in an ORACLE database
• UNIX bigcrypt() for users defined in a flat file or LDAP directory
• Load balancing and failover when authenticating users stored in an
LDAP directory server or Oracle database
Authorization Features
• Support of simple authorization policy through check and deny
attribute-value pair items specified in users files
• Support for definition of reply item attribute-value pairs in a users
file
• Support of simple authorization policy through check and deny
attribute-value pair items specified in realm files (File type
authentication) or an LDAP directory server (ProLDAP type
authentication)
• Support for definition of reply item attribute-value pairs through
realm files, an LDAP directory server, or an Oracle database
• Support of complex authorization policy construction through
Boolean expressions with attribute-value pair operands
• Supports simultaneous session limitation by user and by realm
Accounting Features
• Generates Merit or Livingston reference accounting detail files
(accounting start and stop RADIUS messages from network access
server (NAS)), known as call detail records (CDR)
