HP-UX AAA Server A.06.02 Administrator's Guide: HP-UX 11i v1 and 11i v2 > Chapter 2 Installing and Securing the HP-UX AAA Server

HP-UX AAA Server File Locations


Although the HP-UX AAA Server can be run as the root user, HP recommends running it as a non-root user.

A user and group, both named aaa, are created during installation. The HP-UX AAA Server can be run as a non-root user, using the default aaa user created during installation or any other user who is part of the aaa group.

IMPORTANT: Do not remove the default login aaa and group aaa created during installation, even if you prefer not to use them.

Table 2-1 File Locations Upon Installation

Directory

File

/opt/aaa/aatv

Server modules and plug-ins

/opt/aaa/bin

Server daemons and utilities:

  • db_srv: Oracle client daemon for authentication

  • las.test.sh: script to create simulated sessions for testing

  • radcheck: AAA Server test utility (like the ping command)

  • raddbginc: controls server debug output

  • radiusd: AAA Server executable

  • radpwtst: AAA test client utility

  • start_db_srv.sh: script to start the Oracle client daemon

  • stop_db_srv.sh: script to stop the Oracle client daemon

/opt/aaa/examples/config

Finite state machine, group policy example files:

  • *.fsm: sample FSM tables

  • *.grp: sample decision files

/opt/aaa/examples/oracle

  • create.sql: SQL script to create Oracle users table

  • delete.sql: Sample SQL script to delete Oracle user records

  • insert.sql: Sample SQL script to add Oracle user records

/opt/aaa/examples/proldap

LDAP schema and sample LDIF files

/opt/aaa/lib

Shared libraries:

  • libradlib.sl: contains functions that interface with the main server

  • librpilib.sl: contains functions for programs and utilities

  • libjniAgent.sl: contains functions for Server Manager.

NOTE: Shared library files have .so file extensions on HP-UX 11i v2 (B.11.23)

/opt/aaa/newconfig

Default configuration files. Files residing here are copied to /etc/opt/aaa directory during installation.

/etc/opt/aaa/security/

Directory containing a unique set of self-signed digital certificates created during installation.

/opt/aaa/share/man/man5 and ~/man1m

Directories where manpages are installed

/opt/aaa/share/doc/

Directory containing Administrator’s Guide and product documentation.

/etc/opt/aaa

Configuration files:

  • aaa.config: runtime and tunneling configuration file

  • authfile: realm to authentication-type mapping file

  • clients: client to shared secret mapping file

  • db_srv.opt: configuration script for db_srv environment variables

  • dictionary: definition file required by the radiusd daemon

  • las.conf: authorization and accounting configuration file

  • log.config: session logging configuration file

  • radius.fsm: external FSM table for the server

  • users: holds user security profiles and reply items

  • vendors: holds Internet Assigned Numbers Authority (IANA) numbers and other vendor specific details

  • engine.config: stores most of the AAA server properties.

  • EAP.authfile: configures EAP authentication for user profiles

  • iaaaAgent.conf: specifies how often the AAA server’s SNMP subagent will check to see if a master agent is active

  • aaa.config.license: Do not alter this file

  • RADIUS-ACC-SERVER-MIB.txt: describes RADIUS Accounting MIB definitions.

  • RADIUS-AUTH-SERVER-MIB.txt: describes RADIUS Authentication MIB definitions.

 

Table 2-2 “Files Generated During Operation” lists the files generated during operation and located in /var/opt/aaa/ by default:

Table 2-2 Files Generated During Operation

Directory

File

/acct/session.yyyy-mm-dd.log

Default session accounting logs, Merit style

/data/session.las

Currently active sessions log file

/ipc/*.sm

Shared memory files related to the interface used for some authentication types.

IMPORTANT: You must not alter or delete the shared memory (*.sm) files. The server does not operate correctly if the files are changed or removed from the ipc directory.

/logs/logfile

The server log file

/logs/logfile.yyyymmdd

Compressed daily or weekly log files

/radacct/*

For session accounting logs in Livingston call detail records directory style format (not generated by default configuration)

/run/radius.pid

Contains the process id (pid) for the server.

 

© 2001-2005 Hewlett-Packard Development Company, L.P.