Actions

The actions in the state table correspond to the AATV actions defined. These actions perform discrete functions, such as initiating an authentication request, replying to an authentication request, or logging an accounting record. Any action in the state table must exist in an HP-UX AAA library or plug-in (located in the /opt/aaa/aatv directory). Table 27-2 “Available Actions” lists some of the available actions.

Table 27-2 Available Actions

Actions	Description
`ACCT`	Writes Livingston call detail records
`ACCT_SWITCH`	Direct FSM to next state based on reason code of the Accounting-Request
`ACK`	Signifies success
`iaaaAuthenticate`	Parses and verifies the password recieved in the request against the password in the stored user profile.
`AUTHENTICATE`	Initial action to handle an Access-Request
`CHK_DNY`	Verifies check items in user profile
`CLEANUP`	Exits the FSM
`EAP`	Performs EAP authentication
`iaaaUsers`, `iaaaFile`	Attempts to retrieve a user profile stored in a users file.
`FILE`	Retrieves user profile from a users or realm file and verifies password
`IPADDR`	Assigns IP address from a reserved pool of addresses
`KILL`	Unconditionally removes pending events
`LAS`	Evaluates realm-based authorization
`LAS_ACCT`	Initial action to handle an Accounting-Request
`LOG`	Writes Merit session log records
`NULL`	No action placeholder
`ORACLE`	Retrieves user profile from an Oracle database and verifies password
`PASSWD`	Retrieves UNIX user profile and verifies password
`PENDING`	Checks for pending events
`POLICY`	Evaluates complex policy decisions that apply to a request
`POSTLAS`	Allocates tokens
`PROLDAP`	Retrieves user profile from an LDAP server and verifies password
`RAD2RAD`	Sends RADIUS proxy requests
`RADDNS`	Resolves DNS names
`RADIUS`	Receives RADIUS requests and replies
`iaaaRealm`	Attempts to locate where a user profile is stored for the realm extracted from a user request.
`REALM`	Handles realm-based authentication
`REDO`	Repeat an action
`REPLY`	Send a RADIUS reply (access or accounting) to a client
`SECURID`	Retrieves user profile from a SecurID server and verifies password
`SQLAccess`	Triggers the SQL action specified in the `xstring` argument
`SRV_STATUS`	For Status-Server (Management-Poll) requests
`TIMEOUT`	Performs timeout logging
`TUNNELING`	Encrypts Tunnel-Password and resolves hints from client

FSM Tables

Table 27-3 “Predefined FSM Tables” lists the various FSM tables you can use.

Table 27-3 Predefined FSM Tables

Filename	Function
`/etc/opt/aaa/radius.fsm`	Basic authentication, authorization, and accounting functions
`/opt/aaa/examples/config/merit.fsm`	For use with legacy applications that require the finite state table used in HP-UX AAA Server versions before A.06.02.
`/opt/aaa/examples/config/logall.fsm`	Logs all accounting messages in Merit-style session logs.
`/opt/aaa/examples/config/proxyacct.fsm`	Template file that allows accounting messages to be logged at a remote proxy server.
`/opt/aaa/examples/config/DNIS.fsm`	Template file that adds an example of DNIS routing to default.fsm
`/opt/aaa/examples/config/DAC.fsm`	Template file that adds an example of dynamic access control (DAC) to default.fsm
`/opt/aaa/examples/config/sqlacess-acct.fsm`	Sample FSM file required to implement accounting without session management using SQL access
`/opt/aaa/examples/config/sqlaccess-acct-sess.fsm`	Sample FSM file required to implement accounting with session management using SQL access

To use any of the above predefined state tables for the HP-UX AAA Server, copy the required .fsm file to /etc/opt/aaa/radius.fsm and start the HP-UX AAA Server.




	NOTE: The product is installed with `logall.fsm` as `radius.fsm` in `/etc/opt/aaa/`.

Actions

Technical documentation

» Table of Contents

» Glossary

» Index

FSM Tables