Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX AAA Server A.06.02 Administrator's Guide: HP-UX 11i v1 and 11i v2 > Chapter 22 The Finite State Machine (FSM)

Actions
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

The actions in the state table correspond to the AATV actions defined. These actions perform discrete functions, such as initiating an authentication request, replying to an authentication request, or logging an accounting record. Any action in the state table must exist in a HP-UX AAA library or plug-in (located in the /opt/aaa/aatv directory). Table 22-2 “Available Actions” lists some of the available actions.

Table 22-2 Available Actions

Actions

Description
ACCTWrites Livingston call detail records
ACCT_SWITCH Direct FSM to next state based on reason code of the Accounting-Request
ACKSignifies success

iaaaAuthenticate

Parses and verifies the password recieved in the request against the password in the stored user profile.

AUTHENTICATEInitial action to handle an Access-Request
CHK_DNYVerifies check items in user profile
CLEANUPExits the FSM
EAPPerforms EAP authentication

iaaaUsers, iaaaFile

Attempts to recieve a user profile stored in a users file.

FILE Retrieves user profile from a users or realm file and verifies password
IPADDRAssigns IP address from a reserved pool of addresses
KCHAPPerforms Kerberos Challenge Handshake Authentication Protocol (KCHAP) authentication
KILLUnconditionally removes pending events
LASEvaluates realm-based authorization
LAS_ACCTInitial action to handle an Accounting-Request
LOGWrites Merit session log records
NULLNo action placeholder
ORACLERetrieves user profile from an Oracle database and verifies password
PASSWD Retrieves UNIX user profile and verifies password
PENDINGChecks for pending events
POLICYEvaluates complex policy decisions that apply to a request
POSTLAS Allocates tokens
PROLDAPRetrieves user profile from an LDAP server and verifies password
RAD2RADSends RADIUS proxy requests
RADDNSResolves DNS names
RADIUSReceives RADIUS requests and replies

iaaaRealm

Attempts to locate where a user profile is stored for the realm extracted from a user request.

REALMHandles realm-based authentication
REDORepeat an action
REPLYSend a RADIUS reply (access or accounting) to a client
SECURIDRetrieves user profile from a SecurID server and verifies password
SRV_STATUSFor Status-Server (Management-Poll) requests
TIMEOUTPerforms timeout logging
TUNNELINGEncrypts Tunnel-Password and resolves hints from client

 

FSM Tables

Table 22-3 “Predefined FSM Tables” lists the various FSM tables you can use.

Table 22-3 Predefined FSM Tables

Filename

Function
/etc/opt/aaa/radius.fsm

Basic authentication, authorization, and accounting functions

/opt/aaa/examples/config/merit.fsmFor use with legacy applications that require the finite state table used in HP-UX AAA Server versions before A.06.02.
/opt/aaa/examples/config/logall.fsmLogs all accounting messages in Merit-style session logs.

/opt/aaa/examples/config/proxyacct.fsm

Template file that allows accounting messages to be logged at a remote proxy server.

/opt/aaa/examples/config/DNIS.fsm

Template file that adds an example of DNIS routing to default.fsm

/opt/aaa/examples/config/DAC.fsm

Template file that adds an example of dynamic access control (DAC) to default.fsm

 

To use any of the above predefined state tables for the AAA server, copy the required .fsm file to /etc/opt/aaa/radius.fsm and start the AAA server

NOTE: The product is installed with logall.fsm as radius.fsm in /etc/opt/aaa/.


Event Names
  		 


Custom State Tables  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2001-2005 Hewlett-Packard Development Company, L.P.