The user information that determines how an access request is authenticated and authorized is configured in a profile as a set of A-V pairs. These user profiles are grouped by realm and may be stored in flat text files or an external source such as an Oracle database or an LDAP server. Realms are recognized by the realm component of a user’s Network Access Identifier. If you have a small AAA deployment without several realm-specific configurations, you can define a default realm and store it in the users file.

Storing User Profiles in the Default Users File

When the AAA server receives a request, before it checks for profiles grouped by realms, it first checks the default users file for a matching profile. Use the following steps to store user profiles in the default users file:

1. Access the Server Manager.
2. Load the configuration from the appropriate AAA server by selecting the Load Configuration link from the Navigation Tree.
3. Select the Users link from the Navigation Tree.
4. Select the New User link. The User Attributes screen will appear.
5. In the User Name text box, enter the name of the user profile.

   IMPORTANT: You must enter the user’s fully-qualified name when adding to the default users file. For example, enter user1@organization.com instead of only entering user1.

6. Select Local from the Authentication Type list to authenticate the user with the authentication method configured for their realm. Selecting options other than Local will supersede the authentication method configured for the user’s realm and define a specific authentication method for that individual user.
7. Enter a password for the user and confirm it by entering it again.
8. Choose how you want to store the user’s password by selecting a hashing method in the Password Hashing Mechanism field. Select Plain Text to be compatible with most client password hashing methods. If you prefer not to use Plain Text, be sure the method you choose is compatible with the client password hashing method. The following table lists the supported client password hashing methods and the storage hash you should use for each method:

   Table 3-1 Password Hashing Compatibility

   | Client Password Hash | Storage Hash |
   |---|---|
   | PAP | Any |
   | MSCHAP | NT Hash or Plain Text |
   | MD5 | MD5 or Plain Text |
   | GTC Static | Any |

9. You may enter values in the remaining fields to control the user’s session. These fields are optional and correspond to RADIUS A-V pairs that are explained in more detail in the HP-UX AAA Server Administrator’s Guide.
10. Select the Create button.
11. Select Save Configuration from the Navigation Frame. If you have multiple remote servers, you will be prompted to select and confirm which servers you wish to add the access device entry to.

CAUTION: Save Configuration will save the entire server configuration (access devices, proxies, local realms, users, and server properties) to the servers you specify.
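
The following Python sketch is an added example, not part of the HP-UX AAA Server or its documentation: it encodes Table 3-1, computes which storage hashes satisfy every client method a realm accepts, and flags stored profiles that would fail. The function names and sample profiles are constructed, and the storage-hash set is limited to the three values named on this page.

```python
# Added example: models Table 3-1 only; the names are not the product's own.
ANY = None  # "Any" in Table 3-1: no restriction on the storage hash

# Client password hash -> storage hashes that Table 3-1 allows.
TABLE_3_1 = {
    "PAP": ANY,
    "MSCHAP": {"NT Hash", "Plain Text"},
    "MD5": {"MD5", "Plain Text"},
    "GTC Static": ANY,
}
# Storage hashes named on the page (the product may offer others).
STORAGE_HASHES = {"Plain Text", "NT Hash", "MD5"}


def usable_storage(client_methods):
    """Storage hashes that work for every client method a realm accepts."""
    usable = set(STORAGE_HASHES)
    for method in client_methods:
        allowed = TABLE_3_1[method]
        if allowed is not ANY:
            usable &= allowed
    return usable


def audit(profiles, client_methods):
    """Return (user, storage, failing_methods) for each profile that cannot
    authenticate with at least one of the realm's client methods."""
    findings = []
    for user, storage in profiles:
        failing = [m for m in client_methods
                   if TABLE_3_1[m] is not ANY and storage not in TABLE_3_1[m]]
        if failing:
            findings.append((user, storage, failing))
    return findings


# Constructed sample data.
PROFILES = [
    ("user1@organization.com", "NT Hash"),
    ("user2@organization.com", "MD5"),
    ("user3@organization.com", "Plain Text"),
]

if __name__ == "__main__":
    print(sorted(usable_storage(["PAP", "MSCHAP"])))
    print(sorted(usable_storage(["MSCHAP", "MD5"])))
    for finding in audit(PROFILES, ["PAP", "MSCHAP"]):
        print(finding)
```

A realm that accepts both MSCHAP and MD5 clients leaves Plain Text as the only storage option common to both rows of the table.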

Grouping Users by Realm

While the HP-UX AAA Server can authenticate an individual user, you may want to authenticate and provision a group of users according to a common criterion, such as an authentication type. One method of grouping users is according to the realm that they belong to. A realm is derived from a user’s Network Access Identifier, for example: name@sample.com, where sample.com is the realm. Use the following steps to store user profiles in a flat text file grouped by realm:

1. Access Server Manager.
2. Select the Local Realms link from the Navigation Tree and then select the New local realm link.
3. In the Name field, enter the realm name.
4. Select Authentication from the Realm Type drop-down list.
5. Select Users File in the User Profile Storage drop-down list.
6. Select the Users Profile Grouped by Realm button in the User Storage Parameters field. Identify a file to store the user information for the realm by entering a name in the File Name box. The AAA server adds a .users extension to the value you enter in the File Name box. Do not enter a path or use the / character.
7. In the Security Methods field, choose the authentication methods to authenticate the users from the realm.
8. Select the Create button. Return to the Local Realms screen to add user profiles to the realm.
9. From the Local Realms screen, select the following icon for the realm that you wish to add user profiles for:
10. From the Users screen, select the New User link.
11. In the User Name text box, enter the name of the user profile.
12. In the Password text box, enter the value to compare to the Password attribute value in the request. Confirm the password by entering it again. You may enter values in the remaining fields to control the user’s session. These fields are optional and correspond to RADIUS A-V pairs that are explained in more detail in the “A-V Pairs” chapter of HP-UX AAA Server Administration and Authentication Guide.
13. Select the Create button in the User Attributes screen.
14. Repeat steps 9 to 13 for each user profile you wish to add to the realm.
15. Repeat these steps to add additional realms and groups of users.
16. Select Save Configuration from the Navigation Frame. If you have multiple remote servers, you will be prompted to select and confirm which servers you wish to add the access device entry to.

CAUTION: Save Configuration will save the entire server configuration (access devices, proxies, local realms, users, and server properties) to the servers you specify.
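
The lookup order and naming rules described above, modelled as an added Python example (not the AAA server's own code): the default users file is consulted first by fully-qualified name, then the realm's .users file, and an audit flags default-file entries that are not fully qualified or that take precedence over a realm profile. The data layout, function names, and the assumption that realm files are keyed by the bare user name are hypothetical.

```python
# Added example: a model of the lookup rules on this page, not product code.
DEFAULT = "default users file"


def split_nai(nai):
    """name@sample.com -> ("name", "sample.com"); no '@' -> (nai, None)."""
    name, sep, realm = nai.rpartition("@")
    return (name, realm) if sep else (nai, None)


def realm_users_file(file_name):
    """File Name rule: a bare name, no path or '/'; '.users' is appended."""
    if not file_name or "/" in file_name:
        raise ValueError("File Name must not contain a path or '/'")
    return file_name + ".users"


def find_profile(nai, default_users, realms):
    """Return (source, profile); the default users file is checked first."""
    if nai in default_users:
        return (DEFAULT, default_users[nai])
    name, realm = split_nai(nai)
    entry = realms.get(realm)
    # Assumption: realm files are keyed by the bare user name.
    if entry and name in entry["users"]:
        return (entry["file"], entry["users"][name])
    return None


def audit_default_file(default_users, realms):
    """Flag default-file entries that are not fully qualified, or that
    take precedence over a profile kept in the realm's own file."""
    findings = []
    for key in default_users:
        name, realm = split_nai(key)
        if realm is None:
            findings.append((key, "not fully qualified"))
        elif name in realms.get(realm, {}).get("users", {}):
            findings.append((key, "shadows " + realms[realm]["file"]))
    return findings


# Constructed sample configuration (hypothetical layout).
DEFAULT_USERS = {"user1@organization.com": {"id": 1}, "user1": {"id": 2},
                 "name@sample.com": {"id": 3}}
REALMS = {"sample.com": {"file": realm_users_file("sample"),
                         "users": {"name": {"id": 4}, "other": {"id": 5}}}}

if __name__ == "__main__":
    print(find_profile("name@sample.com", DEFAULT_USERS, REALMS))
    print(audit_default_file(DEFAULT_USERS, REALMS))
```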