HP-UX Mobile AAA Server A.01.00 Administrator's Guide: HP-UX 11.00 and 11i version 1 > Chapter 5 Configuration Procedures

Realms


Generally, a realm is a group of users who share a common characteristic, such as being customers of the same Internet Service Provider (ISP). All users of a given realm are handled the same way: either proxied to a remote server or locally authenticated using a specified method, according to the authentication type assigned to the realm.

Select the Realms link in the navigation tree on the left side of the Server Manager to configure realms. The Define Realms screen allows you to configure realms for the Mobile AAA server(s) by adding a new realm to the server's authfile, or by modifying or deleting an existing realm in it.

NOTE: Configuration changes made through the Realms link are reflected in: /etc/opt/aaa/diameter/diameter.authfile.

Creating or Modifying a Realm

When adding a new realm entry to the server configuration or modifying an existing entry, you supply values for the realm attributes through a form's fields.

Name

A realm name to be mapped. This name does not have to be a DNS host name, although it is highly recommended that the realm name match a domain name so that users recognize the user@realm syntax, which resembles their e-mail address.

Authentication Type

Identifies the type of authentication to be performed for this realm name.

Table 5-1 Authentication Types for Realms

Keyword | Meaning
--------|--------
File    | Flat file lookup of user profiles.
ProLDAP | Look up user profiles stored in an LDAP accessible directory service. This authentication requires an extended entry. (See the HP-UX Mobile AAA Server Authentication Guide.)
PROXY   | Send the Proxy request to the specified server.

FQDN or file name


Dependent upon the authentication type:

  • For the File authentication type, the parameter specifies the name of the file that contains the user profiles.

  • For PROXY, it identifies the machine running the remote server that should receive a forwarded request. The attribute-value pairs returned by the remote server are propagated back to the client.

Alias

An optional, parenthesized list of one or more aliases, delimited by commas. Each realm alias is equivalent to the realm name.

Extended Parameters


This section of the form will be populated with additional fields that are unique to a particular authentication type. The fields appear when the authentication type is selected.

When adding a new realm, you select the Create button to submit it to the Mobile AAA Server Manager program. When modifying an existing realm, you select the Modify button to submit the changes. In either case, if each required field contains a valid value, the profile will be created or modified; otherwise, an error message is displayed. You can always select the Cancel button and return to the Define Realms screen without making any changes to your server configuration.

Deleting a Realm

The Realm Deletion screen allows you to preview an entry before deleting it. If the Delete button is selected, the Mobile AAA Server Manager will delete the entry corresponding to that realm. The order of the remaining entries is not modified.

Special Entries

The following are a few special entries that might be used:

Wildcard Entries

When specifying the primary realm for an entry, you can use a wild card syntax, *.realm. This syntax provides a shorthand for associating several related realms with a single authentication type. For example, a company may have several branches: eastern.company.com, western.company.com, and central.company.com. The wild card entry for that company would define *.company.com as the realm and would match all three of these realms. It is highly recommended that any such wild card entry be listed after more specific entries. This order allows the preceding, specific entries to override the wild card entry.

DEFAULT Entry

An entry with the realm name DEFAULT can be included to indicate how to handle authentication requests for realm names not explicitly specified. Usually, it will identify a remote server to forward the request to.
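
The ordering advice for wild card and DEFAULT entries can be checked mechanically. The following is an added example, not code from the HP guide or the Mobile AAA Server: it models realm entries in memory and flags a wild card that is listed before a specific realm it would override. It assumes first-match-wins lookup, case-insensitive realm names, a *.realm pattern that matches subdomains only, and a DEFAULT entry used only when nothing else matches; the host and file names in the sample are constructed.

```python
# Added example: entries are modelled in memory; the on-disk authfile
# syntax is not shown on this page and is not parsed here.
# Constructed sample: (realm name, aliases, authentication type, FQDN or file name)
ENTRIES = [
    ("*.company.com", (), "PROXY", "aaa.company.com"),
    ("eastern.company.com", ("east.company.com",), "File", "eastern.users"),
    ("DEFAULT", (), "PROXY", "upstream.example.net"),
]

def names(entry):
    """Realm name plus aliases; each alias is equivalent to the realm name."""
    return (entry[0],) + tuple(entry[1])

def matches(pattern, realm):
    """Assumed: case-insensitive exact match, or *.suffix for any subdomain."""
    pattern, realm = pattern.lower(), realm.lower()
    if pattern.startswith("*."):
        return realm.endswith(pattern[1:]) and len(realm) > len(pattern) - 1
    return pattern == realm

def resolve(entries, realm):
    """Assumed: first matching entry wins; DEFAULT applies only if none match."""
    default = None
    for entry in entries:
        if entry[0] == "DEFAULT":
            default = default or entry
        elif any(matches(n, realm) for n in names(entry)):
            return entry
    return default

def shadowed(entries):
    """List (wildcard, specific) pairs where a wildcard precedes a realm it matches."""
    found = []
    for i, wild in enumerate(entries):
        if wild[0].startswith("*."):
            for later in entries[i + 1:]:
                if any(matches(wild[0], n) for n in names(later) if n[:2] != "*."):
                    found.append((wild[0], later[0]))
    return found

def reorder(entries):
    """Specific entries first, then wildcards (longest suffix first), then DEFAULT."""
    def rank(e):
        if e[0] == "DEFAULT":
            return (2, 0)
        return (1, -len(e[0])) if e[0].startswith("*.") else (0, 0)
    return sorted(entries, key=rank)
```

With the sample order, users of eastern.company.com are proxied by the wild card entry instead of being authenticated from their local file; after `reorder`, the specific entry takes effect and `shadowed` reports nothing.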

© 2001-2004 Hewlett-Packard Development Company, L.P.