Starting with the HP-UX AAA Server A.08.00.01 release, the EAP-LEAP
AATV is obsolete. The EAP-LEAP authentication method is replaced by
the EAP-PEAP authentication method. HP recommends that you use EAP-PEAP
in place of EAP-LEAP for improved security. Unlike EAP-LEAP, EAP-PEAP
supports mutual authentication and uses an encrypted tunnel to transmit
the user's credentials.
If you have configured a realm for EAP-LEAP authentication,
remove the realm entry from the /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile and re-configure
the realm. For information on EAP-PEAP, see Chapter 13 “Securing LAN Access With EAP”.
Starting with the HP-UX AAA Server A.08.00.01 release, the Oracle
authentication module is obsolete. The Oracle authentication module
is supported using SQL Access. HP
recommends that you set up your HP-UX AAA Server to interact with
the Oracle database using the SQL Access feature.
If you have configured a realm for ORACLE authentication, remove
the realm entry from the /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile and re-configure
the realm. For information on configuring Database via SQL using the HP-UX AAA Server Manager,
see Chapter 8 “Configuring Realms”. For information on how to implement SQL Access, see Chapter 22 “SQL Access”.
Starting with the HP-UX AAA Server A.08.00.01 release, SecurID
authentication is obsolete. SecurID authentication is replaced
by the Open AuTHentication (OATH) standards-based One-Time Password
(OTP) authentication. OATH is an industry-wide collaboration to develop
an open reference architecture for strong authentication. The OATH standards-based
OTP authentication solution supports hardware and software tokens
from multiple vendors.
If you have configured a realm for SecurID authentication, remove
the realm entry from the /etc/opt/aaa/authfile and the /etc/opt/aaa/EAP.authfile and re-configure
the realm. For information on OATH standards-based authentication,
see Chapter 16 “OATH Standards-Based OTP Authentication”.
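To find the realm entries that the three removal steps above apply to, the following added example (not part of the HP documentation or product) scans an authfile-style file and reports each realm whose entry names an obsolete authentication type. The keyword list and the "#" comment convention are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not HP-supplied. Lists realm entries that still name an
# obsolete authentication type so they can be removed and re-configured.
# Assumption: the type appears as one of these tokens in the realm entry;
# adjust the list to the keywords your files actually use.
OBSOLETE_TYPES='ORACLE SECURID LEAP EAP-LEAP'

find_obsolete_realms() {    # $1 = authfile or EAP.authfile path
    awk -v types="$OBSOLETE_TYPES" '
    BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) bad[t[i]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }      # assumption: "#" lines are comments
    {
        first = 1
        if (depth == 0 && $1 != "{") {   # top-level line starts a realm entry
            realm = $1; hdr = NR; seen = 0
            first = 2                    # do not match the realm name itself
        }
        for (i = first; i <= NF; i++) {
            if ($i == "{") depth++
            else if ($i == "}") depth--
            else if (!seen && (toupper($i) in bad)) {
                printf "%s:%d: realm %s uses obsolete type %s\n", FILENAME, hdr, realm, $i
                seen = 1
            }
        }
    }' "$1"
}

# Constructed sample input (not from a real server).
sample=${TMPDIR:-/tmp}/authfile.sample.$$
cat > "$sample" <<'EOF'
# constructed sample
corp.example -DEFAULT ProLDAP ""
{
Filter-Type CIS
}
db.example -DEFAULT ORACLE ""
otp.example -DEFAULT SecurID ""
EOF
find_obsolete_realms "$sample"
rm -f "$sample"
```

Run the function against copies of /etc/opt/aaa/authfile and /etc/opt/aaa/EAP.authfile; each reported line number points at the first line of the realm entry to remove.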
No migration is required. If you have modified /etc/opt/aaa/dictionary, and want to use SQL Access, OTP authentication, or pre-defined
policy hooks in the FSM, merge the dictionary file. For information on merging the dictionary file, see “Merging the Dictionary File”.
If you have modified the radius.fsm file,
and you want to use OTP authentication, Dynamic Authorization, EAP-SIM,
EAP-AKA, or use pre-defined policy hooks in the FSM, merge the radius.fsm file. For information on merging the radius.fsm file, see “Merging the radius.fsm File”.
If you have configured realms with LDAP as the back end, and
you want to enable CIS search, then you must specify the Filter-Type
in the realm configuration in the authfile as
follows:
<realm name> -DEFAULT ProLDAP ""
{
    Filter-Type CIS
    Directory "directory_name"
    {
        Host <ldap-server-hostname>
        Port <ldap-server-port>
        Administrator <ldap-server-administrator>
        Password <Password>
        Searchbase <search-base>
        Authenticate <auto | search | bind>
    }
}

Additions have been made to the vendors file in this version of the HP-UX AAA Server. If you have modified
the vendors file, you must merge the vendors file. For information on merging the vendors file, see “Merging the vendors File”.