To add a realm entry, complete the following steps:

From the navigation tree, click Local Realms. The Local Realms screen appears as shown in Figure 8-1.

To add a new realm, click the icon. The Add Local Realm screen appears as shown in Figure 8-2.

Figure 8-2 Server Manager’s Local Realm Attributes Screen

Complete the form on the Local Realm Attributes screen according to the information given in Table 8-1.
Table 8-1 Fields in the Local Realm Attributes Form

Option: Name
Function: Name of the realm that must be mapped. This name does not have to be a DNS host name. However, HP recommends that the realm name match a domain name. The user will then be able to recognize the user@realm syntax, which resembles their email address.

Option: User Authentication
Function: Identifies the authentication method used for the realm:
  Enable EAP: Select this option if user authentication by an EAP challenge is required. Select one or more EAP types. At least one authentication method must be selected. For PEAP (EAP-GTC), you must configure the NULL realm. The PEAP version ‘0’ only checkbox is displayed if you select PEAP(EAP-GTC), PEAP(EAP-MSCHAP), or PEAP(EAP-MD5). Select this checkbox if your supplicant uses the PEAP version 0 protocol.
  Enable RADIUS Standard: Default. Select this option if user authentication via password checking is required.
  If both Enable EAP and Enable RADIUS Standard are selected, authentication is carried out based on the Authentication-Type configuration attribute set in the RADIUS request.

Option: User Profile Storage
Function: Indicates the location from which the AAA server must retrieve user profiles:
  users: Choose this option to store user information locally in AAA Server flat files. Choosing this option allows you to administer user information with Server Manager. Server Manager can administer only user information stored locally in the AAA Server flat files.
  Database Access via SQL or LDAP Server: Choose this option if the user profile information is stored in an external database. See the individual chapters for more information.
  OS Security Database: HP-UX operating systems use a number of repositories or “databases” to store information about hosts, users, passwords, etc. User password lookup is performed through the name-service switch configured in /etc/nsswitch.conf. See the nsswitch.conf man page for more information.
  No Store: EAP-TLS Certificates: Choose this option if you are using TLS and do not want to store user information. If you are using TLS, you are not required to store user information because the TLS certificates provide the user information needed for authentication.
  No Store: Allow All Users: Choose this option to allow all requests from a realm.
  No Store: Deny All Users: Choose this option to deny all requests from a realm.

Option: User Storage Parameters
Function: Identifies the location, access, and policy parameters for the selected User Profile Storage.

Option: Alias
Function: Optional. A parenthesized list of one or more aliases, delimited by commas. Each realm alias is equivalent to the realm name. An alias is provided for user convenience or other purposes, such as to save typing when logging on to your network. Aliases are allowed on wild card entries and are interpreted as meaning *.alias.

Option: Filter ID
Function: Optional. Allows the specification of a packet filter name to be associated with authentication through this realm name. It overrides any explicit filter name specified in a user profile.

Option: Session Tracking
Function: Optional. Determines if session tracking is enabled for a realm. When you enable session tracking, accounting records are generated for the realm and active sessions can be searched using the Session option on the navigation tree.
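As an added illustration (not the HP-UX AAA Server's own code), the following Python models the realm-matching rules Table 8-1 describes: the realm name, its comma-separated aliases, the *.alias meaning of an alias on a wild card entry, and the two No Store allow/deny options. Case-insensitive matching, first-match-wins ordering and the sample realm table are assumptions, not statements from the guide.

```python
# Added illustration, not HP-UX AAA Server code: realm matching as described
# in Table 8-1 (name, aliases, wild card entries whose aliases mean "*.alias",
# and the "No Store" options). Assumed: case-insensitive, first match wins.
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass
class LocalRealm:
    name: str                 # realm name, e.g. "example.com" or "*.example.com"
    aliases: tuple = ()       # optional aliases, each equivalent to the name
    storage: str = "users"    # User Profile Storage option from Table 8-1

    def patterns(self):
        """All names this entry answers to, lower-cased for matching."""
        wild = self.name.startswith("*.")
        yield self.name.lower()
        for alias in self.aliases:
            # On a wild card entry an alias is interpreted as "*.alias".
            yield ("*." + alias if wild else alias).lower()

def find_realm(realms, login):
    """Split a user@realm login and return (user, matching entry or None)."""
    user, sep, realm = login.partition("@")
    if not sep:
        return user, None     # no "@realm" part: left to NULL realm handling
    realm = realm.lower()
    for entry in realms:
        if any(fnmatchcase(realm, p) for p in entry.patterns()):
            return user, entry
    return user, None

def access_decision(entry):
    """Translate the storage option into what happens before any lookup."""
    if entry is None:
        return "reject"       # unknown realm: no entry to consult
    if entry.storage == "No Store: Allow All Users":
        return "accept"       # every request from the realm is accepted
    if entry.storage == "No Store: Deny All Users":
        return "reject"       # every request from the realm is refused
    return "lookup"           # users / SQL / LDAP / OS database / TLS certificate

# Constructed sample realm table (not from the original page).
SAMPLE_REALMS = (
    LocalRealm("example.com", ("ex",), "users"),
    LocalRealm("*.partner.net", ("pn",), "No Store: Deny All Users"),
    LocalRealm("guest.example.com", (), "No Store: Allow All Users"),
)
```

Note that the wild card entry *.partner.net does not match the bare domain partner.net, and that a realm configured with No Store: Allow All Users accepts every request that names it, so such entries deserve review.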
NOTE: The EAP-LEAP authentication method is obsolete in this release of the HP-UX AAA Server. The EAP-LEAP authentication method is replaced by the EAP-PEAP authentication method. HP recommends that you use EAP-PEAP in place of EAP-LEAP for improved security. Unlike EAP-LEAP, EAP-PEAP supports mutual authentication and uses an encrypted tunnel to transmit the user's credentials.

SecurID authentication is obsolete in this release of the HP-UX AAA Server. SecurID authentication can be replaced by Open AuTHentication (OATH) standards-based One-Time Password (OTP) authentication. OATH is an industry-wide collaboration to develop an open reference architecture for strong authentication. The OATH standards-based OTP authentication solution supports hardware and software tokens from multiple vendors. For more information on the OATH standards-based OTP authentication solution, see Chapter 16.

The Oracle authentication module is obsolete in this release of the HP-UX AAA Server. Oracle authentication is now supported using SQL Access. HP recommends that you set up your HP-UX AAA Server to interact with the Oracle database using the SQL Access feature. For more details on implementing SQL Access, see Chapter 22.
To add the new realm, click Create to submit it to the Server Manager.

To return to the Realms screen without making any changes to your server configuration, click Cancel.