HP-UX AAA Server A.06.02 Administrator's Guide: HP-UX 11i v1 and 11i v2 > Chapter 23 Configuration Files

The las.conf File

The las.conf file contains a list of configuration items for the Local Authorization Server (LAS) that controls realm-based authentication. These items are organized into several sections. There are configuration sections for realms, token pools, and generic LAS configuration items. These sections do not have to maintain a particular order; however, you must define an item (a token pool, for example) before it can be referenced.

CAUTION: You need to edit the las.conf file by adding a realm entry only if you wish to include token pools or define session timing parameters. Token pools and session timing parameters are not configurable through the Server Manager graphic interface. When defining realm attributes in the Server Manager graphic interface, the Session Tracking radio buttons automatically add or remove a realm las.conf entry. If you add a realm entry by editing this file directly, and then select the No Session Tracking radio button in the Server Manager and save the change, the las.conf realm entry will be deleted.

IMPORTANT: Configuration files have a maximum input line length of 255 characters. No checking is done to ensure that a configuration statement has not exceeded this limit. In addition, all configuration files must end with a new line character.

LAS Session Timing Parameters

You can override the default times for built-in parameters related to session timing. Table 23-1 “Default LAS Session Timing Parameters” lists the default LAS session timing parameters.

Table 23-1 Default LAS Session Timing Parameters

| Parameter | Default in Seconds | Description |
|---|---|---|
| Session-Hold-Time | 45 | Tells LAS how long to wait for an Accounting-Start message from the NAS. After the specified number of seconds, a session is moved into not-confirmed state, in which it is not counted as a simultaneous session. This parameter is only used for Hunt-groups. |
| Session-Kill-Time | 300 (5 minutes) | Tells LAS when to remove a session when it is in the Not-Confirmed, Disconnected, Rejected, Collided, or Rebooted state. |
| Session-Check-Time | 300 (5 minutes) | States the time interval to check the session table. |
| Session-Clear-Time | 172800 (48 hours) | Tells when to remove a session when it is in a suspended state. |
| Session-Idle-Time | 915 (15 minutes and 15 seconds) | Tells LASCP Authentication/Authorization Travel Vector (AATV) how long to wait for checkpoint messages before suspending a session. |
| Session-Update-Time | 5 | Specifies how often the status of sessions is to be updated. |
| Token-Hold-Adjustment | 5 | Specifies how long a token may be held after a session is accepted yet no confirmation is received after the request is released by the engine. A token may be held up to hold time (<30 seconds) plus Token-Hold-Adjustment. |
| Auto-Save | 300 (5 minutes) | Specifies the interval for the LAS to save the session table if there’s any change. |

 

Token Pool Configuration

This section defines the token pools and the number of tokens for each token pool. Token pools are used for limiting the total number of simultaneous sessions for a given realm.

Below is the syntax of a token pool configuration:

Tokenpool
token-pool-Name number-of-tokens
. . .
End-Tokenpool

token-pool-Name

Name of the token pool.

number-of-tokens

Number of tokens in the token pool.

Example

Tokenpool 
Sample-pool 4
End-Tokenpool

Realm Configuration

This section lists realms by name and, optionally, any services, token pools or any custom AATV support for a realm. A realm entry in las.conf is required to perform session tracking. The default server behavior is to log accounting messages locally, whether the server processes Access-Request messages locally or sends them to a proxy server. If a realm entry exists in the las.conf file, the server will send accounting messages to the remote server that processed the authentication for the corresponding user. The las.conf realm entries must have corresponding realm entries in the Server Manager’s Define Realm screen, which can be accessed through the Local Realms link on the Server Manager.

Syntax of Realm configuration

Realm   realm-name
Authorization LAS-authorization-AATV
Accounting LAS-accounting-AATV

Service number-of-services
service-name
service-name
. . .
End-Service

Tokenpool number-of-tokenpools
Token-pool-name max-number-of-tokens
Token-pool-name max-number-of-tokens
. . .
End-Tokenpool
End-Realm

Realm

defines a name for the realm.

Authorization

specifies the AATV for performing authorization. The default is LASGEN.

Accounting

specifies the AATV to use for user accounting. The default is GENACCT.

Service

specifies the number of services supported by the realm and lists the names of the defined services to support.

Tokenpool

specifies the token pools supported by the realm and lists the token pools by following the syntax:

    Token-pool-name    max-number-of-tokens 
  • A Token-pool-name is the name of a defined token pool.

  • max-number-of-tokens specifies how many tokens a realm may use.
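Because the server does not check line length or definition order itself, a pre-deployment lint of las.conf is useful. The following is an added example, not part of the HP guide or the AAA Server product: the function name `lint_las_conf`, the realm `example.com` and the pool `Other-pool` are constructed for illustration. It assumes keywords are spelled exactly as shown on this page and ignores any line it does not recognize.

```python
MAX_LINE = 255  # limit stated in the guide (newline not counted here: assumption)

def lint_las_conf(text):
    """Return (line_number, message) findings for the text of a las.conf file."""
    findings = []
    if not text.endswith("\n"):
        findings.append((len(text.splitlines()), "file does not end with a newline"))
    defined = set()    # pools declared in top-level Tokenpool sections so far
    in_realm = False
    block = None       # [keyword, declared_count, entries_seen, start_line]
    for n, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:
            findings.append((n, f"line is {len(line)} characters, limit is {MAX_LINE}"))
        words = line.split()
        if not words:
            continue
        key = words[0]
        if key in ("Realm", "End-Realm"):
            in_realm = key == "Realm"
        elif key in ("Tokenpool", "Service") and block is None:
            # Inside a realm the header carries a count; top-level Tokenpool has none.
            declared = int(words[1]) if len(words) > 1 and words[1].isdigit() else None
            block = [key, declared, 0, n]
        elif block and key == "End-" + block[0]:
            kind, declared, seen, start = block
            if in_realm and declared != seen:
                findings.append((start, f"{kind} declares {declared} entries, lists {seen}"))
            block = None
        elif block:
            block[2] += 1
            if block[0] == "Tokenpool":
                if len(words) != 2 or not words[1].isdigit():
                    findings.append((n, "expected: pool-name number-of-tokens"))
                elif in_realm and key not in defined:
                    findings.append((n, f"token pool {key!r} used before it is defined"))
                elif not in_realm:
                    defined.add(key)
    return findings

# Constructed sample: undefined pool on line 9 and no trailing newline.
SAMPLE = "\n".join([
    "Tokenpool", "Sample-pool 4", "End-Tokenpool",
    "Realm example.com", "Authorization LASGEN", "Accounting GENACCT",
    "Tokenpool 2", "Sample-pool 2", "Other-pool 1", "End-Tokenpool",
    "End-Realm"])

if __name__ == "__main__":
    for finding in lint_las_conf(SAMPLE):
        print(finding)
```
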

© 2001-2005 Hewlett-Packard Development Company, L.P.