HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1 > Chapter 1 Overview: The HP-UX AAA Server

Product Structure


The HP-UX AAA Server, based on a client/server architecture, consists of three components which may be installed independently:

  • HP-UX AAA Server daemon, libraries and utilities

  • The AAA Server Manager program that performs administration and configuration tasks from a web browser for one or more AAA servers

  • AAA Server module for Oracle authentication

  • Documentation

The exchange of configuration information between a remote AAA server and the AAA Server Manager program is validated by a shared secret. This secret is unique to the Server Manager and a remote AAA server. It should not be the same secret used by a AAA server and the peers that it communicates with. The exchange of information between a browser and the client program is not validated or encrypted by default, although you can configure HTTPS to secure this communication.

NOTE: To secure the communication between the Server Manager and HP-UX AAA Server, install the Server Manager and the HP-UX AAA Server inside a secure network.

AAA Servers

AAA server installations include the AAA server, which performs the authentication, authorization, and accounting functions to process requests, and RMI objects. The RMI objects establish a connection and facilitate communication between the AAA server and the HP-UX Tomcat-based Servlet Engine.

AAA Server Manager Program

The AAA Server Manager uses the HP-UX Tomcat-based Servlet Engine to provide a configuration interface between a web browser and one or more AAA servers. The Server Manager program is used for starting, stopping, configuring, and modifying the servers. In addition, Server Manager can retrieve logged server sessions and accounting information for an administrator.

Accessing the Server Manager

The Server Manager provides access to AAA server management functions and configuration files. From a remote client workstation, administrators can access the AAA Server Manager interface through a Web browser. An administrator can create a AAA configuration for authenticating users and implementing authorization policies. In addition to creating, modifying, and deleting entries in many of the server's configuration files, an administrator may start and stop the AAA server, access the server's status and system time, retrieve information from accounting and session logs, and terminate sessions. You can access the functions that perform these operations by selecting an item from the Navigation Tree located in the left frame of the HTML page.

Figure 1-5 The Server Manager User Interface


Browser Requirements for Server Manager

You need one of the following Web browsers to access the Server Manager:

  • Netscape® Navigator 4.76 (or higher)

  • Microsoft® Internet Explorer 5.0.5 (or higher)

The browser preferences or Internet options should be set to always compare loaded pages to cached pages. HP recommends these versions because of known problems in earlier versions.

Securing Server Manager Communication with HTTPS

Use the following steps to configure HTTPS:

  1. Uncomment the following lines in /opt/hpws/tomcat/conf/server.xml:

    Commented

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true"
    useURIValidationHack="false">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" />
    </Connector>
    -->

    Uncommented

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true"
    useURIValidationHack="false">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" />
    </Connector>

  2. Uncomment the following lines in /opt/hpws/tomcat/conf/web.xml:

    Commented

    <!-- The mapping for the invoker servlet -->
    <!--
    <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>
    -->

    Uncommented

    <!-- The mapping for the invoker servlet -->

    <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>

  3. Configure the Server Manager user name and password. Open /opt/hpws/tomcat/conf/tomcat-users.xml. Add your user name and password in the following syntax:
    <user username="specify" password="specify" roles="tomcat"/>

    Enter your values where "specify" is in the previous example.

  4. Generate keys with the password value of changeit for the certificate and keystore by using the following:
    # $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

  5. Execute the following command:
    # export PATH=$PATH:$JAVA_HOME/jre/lib/ext

  6. Stop and restart the HP-UX Tomcat-based Servlet Engine. See the "Starting and Stopping Server Manager" section in the HP-UX AAA Server A.06.00 Getting Started Guide.

  7. Point your web browser to: https://<FQDN>:8443/aaa
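
As an added example (not part of the HP guide), the following Python check parses the contents of the three files edited in steps 1 to 3 and reports which steps have not taken effect. The function name audit, the sample user name, and the reduced sample file contents are constructed for illustration; it assumes the files carry no XML namespace.

```python
import xml.etree.ElementTree as ET

PLACEHOLDER = "specify"  # literal placeholder shown in step 3 of the page

def audit(server_xml, web_xml, users_xml, port="8443"):
    """Return a list of findings; an empty list means steps 1-3 look applied."""
    findings = []
    # ElementTree discards XML comments, so a Connector that is still inside
    # <!-- ... --> is simply absent from the parsed tree.
    connectors = [c for c in ET.fromstring(server_xml).iter("Connector")
                  if c.get("scheme") == "https" and c.get("secure") == "true"]
    if not any(c.get("port") == port for c in connectors):
        findings.append(f"server.xml: no active HTTPS connector on port {port}")
    for c in connectors:
        factory = c.find("Factory")
        if factory is None or factory.get("protocol") != "TLS":
            findings.append("server.xml: HTTPS connector lacks the TLS socket factory")
    mapped = any((m.findtext("servlet-name") or "").strip() == "invoker"
                 for m in ET.fromstring(web_xml).iter("servlet-mapping"))
    if not mapped:
        findings.append("web.xml: invoker servlet mapping is still commented out")
    users = list(ET.fromstring(users_xml).iter("user"))
    if not users:
        findings.append("tomcat-users.xml: no user defined")
    for u in users:
        if PLACEHOLDER in (u.get("username"), u.get("password")):
            findings.append("tomcat-users.xml: placeholder value 'specify' left in place")
        elif not u.get("password"):
            findings.append(f"tomcat-users.xml: user {u.get('username')!r} has no password")
    return findings

# Constructed sample files, reduced to the elements the page's steps touch.
CONNECTOR = '''<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" /></Connector>'''
MAPPING = ("<servlet-mapping><servlet-name>invoker</servlet-name>"
           "<url-pattern>/servlet/*</url-pattern></servlet-mapping>")
USER = '<tomcat-users><user username="{0}" password="{1}" roles="tomcat"/></tomcat-users>'
BEFORE = (f"<Server><Service><!-- {CONNECTOR} --></Service></Server>",
          f"<web-app><!-- {MAPPING} --></web-app>",
          USER.format("specify", "specify"))
AFTER = (f"<Server><Service>{CONNECTOR}</Service></Server>",
         f"<web-app>{MAPPING}</web-app>",
         USER.format("aaaadmin", "constructed-example"))

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(*files) or "OK")
```

To run it against a real installation, pass the contents of server.xml, web.xml and tomcat-users.xml from /opt/hpws/tomcat/conf (read as bytes) in place of the sample strings.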

© 2003 Hewlett-Packard Development Company, L.P.