Page 1 summary
HP-UX AAA Server A.06.00
Getting Started Guide
HP-UX 11.0, 11i v1
Manufacturing Part Number: T1428-90026
E0403
U.S.A.
© Copyright 2003 Hewlett-Packard Company.
Page 2 summary
Legal Notices
The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Warranty. A copy of the s
Page 3 summary
Contents
About This Document
1. Introduction to AAA Server
  RADIUS Overview  2
  RADIUS Topology  2
  Establishing a RADIUS Session  4
  Supported Authentication Methods
Page 4 summary
Contents (continued)
  Commands, Utilities, & Daemons  33
  Testing the Installation  35
3. Basic Configuration Tasks
  Storing User Profiles  38
  Storing User Profiles in the Default Users File
Page 5 summary
About This Document
This document provides an overview of the HP-UX AAA Server product and explains how to install it. The document also provides basic configuration steps for beginning tasks. The document printing date and part number indicate the document’s current edition. The printing date and part number will change when a new edition is printed. Minor changes may be made at reprint without changing the printing date. The document part number will change when extensive changes are made. Docum
Page 6 summary
• “About This Document” content was removed from Chapter 1 in the previous version of this guide, and now resides in the preface of this guide.
Publishing History
The following table shows the printing history of this document. The first entry in the table corresponds to this document, while previous releases are listed in descending order.
Table 1 Getting Started Guide Printing History
Document Part Number | Document Release Date (month/year) | Supports Software Version | Supported OS
T1428-90026 | 0403
Page 7 summary
NOTE Emphasizes or supplements parts of the text. You can disregard the information in a note and still complete a task.
IMPORTANT Notes that provide information that is essential to completing a task.
CAUTION Describes an action that must be avoided or followed to prevent a loss of data.
Related Documents
In addition to this Getting Started Guide, HP released the following documents to support the HP-UX AAA Server A.06.00:
Table 2 Additional Documents
Document Title | Document Part Number
HP-UX
Page 8 summary
Please send comments to: netinfo_feedback@cup.hp.com
Please include document title, manufacturing part number, and any comment, error found, or suggestion for improvement you have concerning this document. Also, please include what we did right so we can incorporate it into other documents.
Page 9 summary
1 Introduction to AAA Server
This chapter contains an overview of product features and basic information about using the HP-UX AAA Server.
Page 10 summary
Introduction to AAA Server
RADIUS Overview
The Remote Authentication Dial In User Service (RADIUS) protocol is widely used and implemented to manage access to network services. It defines a standard for information exchange between a Network Access Server (NAS) and an authentication, authorization, and accounting (AAA) server for performing authentication, authorization, and accounting operations. A RADIUS AAA server can manage user profiles for authentication (verifying user name
Page 11 summary
Figure 1-1 Generic AAA Network Topology [figure; only its callouts and labels survive extraction. Callouts: “Users dial-in to a NAS”, “AAA servers and NASs exchange requests/replies”, “A forwarding server sends proxied Access-Requests to a remote server”. Labelled nodes: user organizations A through F, each with a repository; NAS1 through NAS4; AAA1.ISP.net (location: Ann Arbor), AAA2.ISP.net (location: Flint), AAA3.ISP.net, AAA4.ISP.net (location: Detroit).]
Page 12 summary
Establishing a RADIUS Session
The handling of a user request is a series of message exchanges that attempts to provide the user with a network service by establishing a session for the user. This transaction can be described as a series of actions that exchange data packets containing information related to the request. Figure 1-2, Client-Server RADIUS Transaction, illustrates the details of the transaction between a RADIUS AAA server and a client (a NAS
Page 13 summary
If all conditions are met, the server will send an Access-Accept packet to the client; otherwise, the server will send an Access-Reject. An Access-Accept data packet often includes authorization information that specifies what services the user can access and other session information, such as a timeout value that will indicate when the user should be disconnected from the system. When the client receives an Access-Accept packet, it will generate an Acco
Page 14 summary
which can calculate the correct response. The NAS will then forward the challenge and the response in the Access-Request, which the AAA server will use to authenticate the user.
• Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is an implementation of the CHAP protocol that Microsoft created to authenticate remote Windows workstations. In most respects, MS-CHAP is identical to CHAP, but there are some differences. MS-CHAP is based on the
Page 15 summary
Shared Secret
Encrypting the transmission of the User-Password in a request is accomplished by a shared secret. The shared secret is used to sign RADIUS data packets to ensure they are coming from a trusted source. The shared secret is also used to encrypt user passwords with certain authentication methods such as PAP. The HP-UX AAA Server uses the clients configuration file to associate a secret to each client (or server) that is authorized to make use o
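The two roles the guide gives the shared secret (hiding the PAP User-Password in an Access-Request, and "signing" the server's Access-Accept/Access-Reject so the NAS can tell it came from the trusted server) are both defined by the RADIUS standard, RFC 2865. The following is an added example, not code from HP or from the HP-UX AAA Server product: it implements the RFC 2865 password-hiding and Response Authenticator computations and walks one NAS/server exchange of the kind described under "Establishing a RADIUS Session". The secret, user name, password and the fixed Request Authenticator used for the demonstration are constructed values, and the server's user store is a plain dictionary standing in for the users file.

```python
import hashlib
import hmac
import os
import struct

# Packet codes and attribute types from RFC 2865 (the RADIUS standard the guide refers to).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password, secret, request_authenticator):
    """PAP User-Password hiding (RFC 2865 section 5.2): NUL-pad to a multiple of 16 octets,
    then XOR each block with MD5(secret + previous ciphertext block); the 16-octet Request
    Authenticator, sent in the clear, acts as the 'previous block' for the first one."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(hidden, secret, request_authenticator):
    """Inverse of hide_password, as the AAA server performs it. Trailing NUL padding is
    stripped, so a password that itself ends in NUL octets is not recoverable exactly."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """RADIUS attributes are TLVs: type (1 octet), length including this 2-octet header, value."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def parse_packet(pkt):
    """Return (code, identifier, authenticator, [(type, value), ...]); raise on malformed input."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than the 20-octet header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = pkt[pos], pkt[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((attr_type, pkt[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, ident, pkt[4:20], attrs


def build_access_request(ident, username, password, secret, request_authenticator=None):
    """NAS side: a fresh random Request Authenticator plus User-Name and the hidden User-Password."""
    ra = os.urandom(16) if request_authenticator is None else request_authenticator
    body = encode_attrs([(ATTR_USER_NAME, username),
                         (ATTR_USER_PASSWORD, hide_password(password, secret, ra))])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + ra + body


def response_authenticator(code, ident, request_authenticator, body, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    This is the 'signature' on replies that the guide attributes to the shared secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + request_authenticator + body + secret).digest()


def server_handle(request, secret, user_db):
    """AAA server side: reveal the password with this client's secret, check it against the
    user store (a dict standing in for the users file), answer Access-Accept or Access-Reject."""
    code, ident, ra, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields = dict(attrs)
    stored = user_db.get(fields.get(ATTR_USER_NAME))
    hidden = fields.get(ATTR_USER_PASSWORD)
    try:
        ok = (stored is not None and hidden is not None
              and hmac.compare_digest(reveal_password(hidden, secret, ra), stored))
    except ValueError:  # malformed User-Password: treat as a failed authentication
        ok = False
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    body = b""  # a real Access-Accept would carry authorization/session attributes here
    auth = response_authenticator(reply_code, ident, ra, body, secret)
    return struct.pack("!BBH", reply_code, ident, 20 + len(body)) + auth + body


def verify_response(response, request_authenticator, secret):
    """NAS side: recompute the Response Authenticator for the reply and compare it."""
    code, ident, auth, _ = parse_packet(response)
    expected = response_authenticator(code, ident, request_authenticator, response[20:], secret)
    return hmac.compare_digest(auth, expected)
```

Two points for whoever maintains the clients file follow directly from the code: the Request Authenticator travels in the clear, so the shared secret is the only secret input to the password-hiding keystream, and the Response Authenticator covers only the server's reply, not the client's request. The per-client secret the guide describes is therefore doing all of the work, which is why it needs to be long, random, and different for each NAS.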
Page 16 summary
Product Structure
The HP-UX AAA Server, based on a client/server architecture, consists of three components which may be installed independently:
• HP-UX AAA Server daemon, libraries, and utilities
• The AAA Server Manager is a program that performs administration and configuration tasks from a client’s browser for one or more AAA servers.
• AAA Server module for Oracle authentication
• Documentation
The exchange of configuration information between a r
Page 17 summary
AAA Server Manager Program
The AAA Server Manager utilizes the HP-UX Tomcat-based Servlet Engine to provide a configuration interface between a web browser and one or more AAA servers. Server Manager is used for starting, stopping, configuring, and modifying the servers. In addition, the program can retrieve logged server sessions and accounting information for an administrator.
Accessing the Server Manager
The Server Manager provides access to the AA
Page 18 summary
Figure 1-3 The Server Manager User Interface
Browser Requirements for Server Manager
You need one of the following Web browsers to access the Server Manager:
• Netscape® Navigator 4.76 (or higher)
• Microsoft® Internet Explorer 5.0.5 (or higher)
The browser preferences or Internet options should be set to always compare loaded pages to cached pages. HP recommends these versions because of known problems in earlier versions.
Page 19 summary
AAA Server Architecture
The HP-UX AAA Server Architecture consists of three primary components:
• Configuration files. By editing these flat text files, with either the Server Manager user interface or with a text editor, you can provide the information necessary for the server to perform authentication, authorization, and accounting requests for your system.
• AATV plug-ins perform discrete actions, such as initiating an authentication request, rep
Page 20 summary
Table 1-1 HP-UX AAA Server Configuration Files
File | Description
users | Information about user IDs, passwords, and check/deny/reply items.
realm | The same information as the users file, but this user information is associated with a particular realm. These files are only necessary to perform File type authentication for a defined realm. Realms are recognized by the realm component of the user’s Network Access Identifier, for example: user@realm.com.
NOTE