Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1 > Chapter 15 Configuration Files

las.conf
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

The las.conf file contains a list of configuration items for the LAS (the local authorization server code that controls realm-based authorization). These items are organized into several sections described below. There are configuration sections for realms, token pools, and generic LAS configuration items. These sections do not have to maintain a particular order; however, you must define an item (a token pool, for example) before it may be referenced.

CAUTION: You only need to edit the las.conf file by adding a realm entry if you wish to include token pools or define session timing parameters, which are not configurable through the Server Manager graphic interface. When defining realm attributes in the Server Manager graphic interface, the Session Tracking radio buttons automatically add (Yes) or remove (No) a realm las.conf entry. If you add a realm entry by editing this file directly, and then select the No Session Tracking radio button, and save the change, the las.conf realm entry will be deleted.
IMPORTANT: Configuration files have maximum input line length of 255 characters. No checking is done to insure that a configuration statement has not exceeded this limit. In addition, all configuration files must end with a new line.

LAS Session Timing Parameters

You can override the default values for built-in parameters related to session timing.

Table 15-4 Default LAS Session Timing Parameters

Parameter Default in Seconds Description
Session-Hold-Time 45 Session-Hold-Time tells LAS how long to wait for an Accounting-Start message from the NAS. After this many seconds, a session is moved into not-confirmed state, in which it is not counted as a 'simultaneous session'.
Session-Kill-Time 300
(5 minutes)		Session-Kill-Time tells LAS when to remove a session when it is in the Not-Confirmed, Disconnected, Rejected, Collided, or Rebooted state.
Session-Check-Time 300
(5 minutes)		Session-Check-Time is the time interval to check session table.
Session-Clear-Time 172800
(48 hours)		Session-Clear-Time tells when to remove a session when it is in suspended state.
Session-Idle-Time 915
(15 minutes and 15 seconds)		Session-Idle-Time tells LASCP AATV how long to wait for checkpoint messages before suspending a session.
Session-Update-Time 5 Session-Update-Time specifies how often status of sessions are to be updated.
Token-Hold-Adjustment 5 Token-Hold-Adjustment specifies how long a token may be held after a session is accepted yet no confirmation is received after the request is released by the engine. A token may be held up to hold time (<30 seconds) plus Token-Hold-Adjustment.
Auto-Save 300
(5 minutes)		Auto-Save is the interval for the LAS to save the session table if there's any change.

 

Tokenpool Configuration

This section lists zero or more token pools and the number of tokens for each token pool. Zero is a legal value for a token pool. Token pools are used for limiting the total number of simultaneous sessions for a given realm.

Syntax of tokenpool configuration

Tokenpool
   token-pool-Name number-of-tokens
   . . .
End-Tokenpool
token-pool

Names the token pool

number-of-tokens

specifies the number of tokens in the token pool.

Example 

Tokenpool 
   Sample-pool     4 
End-Tokenpool

Realm Configuration

This section lists zero or more realms by name and, optionally, any services, token pools or any custom AATV support for a realm. A realm entry las.conf is required to perform session tracking. Also, the default server behavior is to log accounting messages locally, whether the server processes Access-Request messages locally or sends them to a proxy server. If a realm entry exists in las.conf, the server will send accounting messages to the server that processed the authentication for the corresponding user. las.conf realm entries must have corresponding realm entries Server Manager's Define Realm screen, which can be accessed through the Local Realms link.

Syntax of Realm configuration

Realm   realm-name
   Authorization   LAS-authorization-AATV
   Accounting      LAS-accounting-AATV
 
   Service              number-of-services
        service-name
        service-name
        . . .
   End-Service
 
   Tokenpool       number-of-tokenpools
        Token-pool-name       max-number-of-tokens
        Token-pool-name       max-number-of-tokens
        . . .
   End-Tokenpool
End-Realm
Realm

defines a name for the realm.

Authorization

specifies the AATV for performing authorization. The default is LASGEN.

Accounting

specifies the AATV to use for user accounting. The default is GENACCT.

Service

specifies the number of services supported by the realm and lists the names of the defined services to support.

Tokenpool

specifies the token pools supported by the realm and lists the token pools by following the syntax: 

    Token-pool-name    max-number-of-tokens

  • A Token-pool-name is the name of a defined token pool.

  • max-number-of-tokens specifies how many tokens a realm may use.



dictionary
  		 


vendors  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2003 Hewlett-Packard Development Company, L.P.