Attribute names and their enumerated value names are defined
in the dictionary file. When specifying attribute values in configuration
files, you must have a space before the equals (=) or not equal
(!=) operator. A list of A-V pairs may be delimited by commas, white
space, or both.

Attribute Value Formats

The attribute values (to the right of the equal sign)
may take on any of the supported, legal values described in the
dictionary file. The attributes and their corresponding values are
defined to be one of the following types: IP address, integer32,
unsigned32, integer64, unsigned64, float32, float64, octetstring,
and grouped, as well as derived data types. These types include
enumerated (derived from integer32), DiameterIdentity (derived from
octetstring), time (derived from unsigned32), UTF8String (derived
from octetstring), IPFilterRule (derived from octetstring), and
QosFilterRule (derived from octetstring). The Float128 type is not
supported by the Mobile AAA server. The string values must be surrounded
by the double quote ('"') character if they contain spaces; otherwise, the
quotation marks are optional. These values are limited to a maximum
of 253 characters. The IP address values may use the common dotted-quad
notation. A-V pair lists must be delimited by white space.
For readability you may use both a comma and white space as a delimiter.
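
The syntax rules above, as a small checker for one configuration line. This is an added example, not code from the Mobile AAA server; the attribute-name character set, the optional space after the operator, the sample lines and the Example-Text attribute are assumptions.

```python
import re

MAX_VALUE_LEN = 253  # string value limit stated on the page

_DELIM = re.compile(r'[\s,]+')  # commas, white space, or both
# name, white space, operator, then a double-quoted or bare value.
# Assumptions: names are letters/digits/hyphens; space after the operator is optional.
_PAIR = re.compile(r'''
    (?P<name>[A-Za-z][A-Za-z0-9-]*)
    (?P<gap>\s*)                       # the page requires at least one space here
    (?P<op>!=|=)
    \s*
    (?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s,"]+))
''', re.VERBOSE)

def parse_av_pairs(line):
    """Parse one line of A-V pairs; return (pairs, errors)."""
    pairs, errors, pos = [], [], 0
    while pos < len(line):
        m = _DELIM.match(line, pos)
        if m:
            pos = m.end()
            continue
        m = _PAIR.match(line, pos)
        if not m:
            # Typical cause: an unquoted value containing spaces, or a missing closing quote.
            errors.append(f"col {pos}: cannot parse {line[pos:pos + 20]!r}")
            break
        value = m['quoted'] if m['quoted'] is not None else m['bare']
        if not m['gap']:
            errors.append(f"{m['name']}: no space before '{m['op']}'")
        if len(value) > MAX_VALUE_LEN:
            errors.append(f"{m['name']}: value longer than {MAX_VALUE_LEN} characters")
        pairs.append((m['name'], m['op'], value))
        pos = m.end()
    return pairs, errors

# Constructed sample lines; Example-Text is a made-up attribute name.
SAMPLES = [
    'Session-Timeout = 3600, Authorization-Lifetime = 1800 Auth-Grace-Period = 60',
    'MIP-Replay-Mode != Timestamps, Example-Text = "two words"',
    'Session-Timeout=3600',
    'Example-Text = two words',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_av_pairs(s))
```

Checking values against their dictionary types is left out because the dictionary file format is not shown on this page.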

Grouped A-V Pairs

In the Diameter protocol A-V pairs may be grouped under a
single attribute, which is referred to as a grouped A-V pair. The
A-V pairs associated with the group are its members. When a grouped
A-V pair is received in a Diameter message, the membership list
of the message’s grouped A-V pair is compared against the
dictionary. If the membership lists do not match, the message
is rejected with a Result-Code of invalid-AVP-Value, and the offending
grouped A-V pair is returned in a Failed-AVP A-V pair.

Reply Items

A reply item is an A-V pair that is returned to the client
or server that made the original request. Some of these attributes,
such as Session-Timeout, can be used by the client to enforce some
simple authorization policies.
Reply items are not only included in Diameter answer messages, but
are also sent in the Home-Agent-MIP-Request (HAR) messages sent
from the home server to the home agent. For example, some of the
following reply-items might be used to override the server's defaults
for a given user: Authorization-Lifetime, MIP-Key-Lifetime, Session-Timeout,
MIP-Replay-Mode, MIP-Algorithm-Type, Auth-Grace-Period.

- Auth-Grace-Period
The number of seconds the Diameter server will wait
following the expiration of Authorization-Lifetime before terminating
the session.
- Authorization-Lifetime
Maximum number of seconds of service to be provided
to the user before the user must be reauthenticated and/or reauthorized.
This attribute is useful if you want users, authorized to access
a service for a finite amount of time, to extend their session through
additional authorization requests. The server will terminate a session after the Session-Timeout
or the combined Authorization-Lifetime and Auth-Grace-Period value
expires- a value of 0 to 13
- MIP-Algorithm-Type
Algorithm identifier specified when generating Mobile
IP session keys. The following values are valid: MD5-Prefix-plus-Suffix-Mode
- MIP-Key-Lifetime
Number of seconds that the session keys are valid.
A value of zero indicates infinity (no timeout). If the key lifetime
expires while the session is still active, the agent will either request
a new session key or terminate the session.
- MIP-Replay-Mode
Style of replay protection specified when generating
Mobile IP session keys. The following values are valid:
  1 - None
  2 - Timestamps. The home agent compares a timestamp in the
      registration message to its own time of day.
  3 - Nonces. The agent and mobile nodes send a random number
      in each of their messages, which must be echoed in the recipient’s
      response.
- Session-Timeout
This attribute sets the maximum number
of seconds of service to be provided to the user before termination
of the session. The server will terminate a session after
the Session-Timeout or the combined Authorization-Lifetime and Auth-Grace-Period
value elapses.