HP-UX AAA Server A.07.00 Administrator's Guide: HP-UX 11i v1, 11i v2, and 11i v3 > Chapter 3 Installing and Securing the HP-UX AAA Server

HP-UX AAA Server File Locations


Although the HP-UX AAA Server can be run as the root user, HP recommends running it as a non-root user.

A user and a group, both named aaa, are created during installation. The HP-UX AAA Server can be run as a non-root user, using either the default aaa user created during installation or any other user who is part of the aaa group.

IMPORTANT: Do not remove the default login aaa and group aaa created during installation, even if you prefer not to use them.
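
One way to check the non-root recommendation on a running server, as an added example that is not part of HP's guide: the script reads the pid file listed in Table 3-2 and reports whether radiusd runs as root or as a user outside the aaa group. The function names and the PIDFILE and AAA_GROUP variables are assumptions of the example; UNIX95 is set because HP-UX ps accepts the -o option only in that mode.

```shell
#!/bin/sh
# Added example: report whether radiusd follows the non-root recommendation.
# Paths come from this page; function and variable names are hypothetical.
PIDFILE="${PIDFILE:-/var/opt/aaa/run/radius.pid}"
AAA_GROUP="${AAA_GROUP:-aaa}"

# Print the pid stored in file $1; fail unless it holds a single number.
read_pid() {
    [ -r "$1" ] || return 1
    read -r pid < "$1" || [ -n "$pid" ] || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or anything but digits
    esac
    printf '%s\n' "$pid"
}

# Classify a numeric uid ($1) and its space-separated group names ($2).
classify_owner() {
    if [ "$1" -eq 0 ]; then
        echo "FAIL: running as root"
        return 0
    fi
    case " $2 " in
        *" $AAA_GROUP "*) echo "OK: non-root, member of $AAA_GROUP" ;;
        *) echo "WARN: non-root, not in group $AAA_GROUP" ;;
    esac
}

# Full check against the live system.
audit_radiusd() {
    pid=$(read_pid "$PIDFILE") || {
        echo "UNKNOWN: no valid pid in $PIDFILE"; return 2; }
    # Effective user of the process; UNIX95 enables ps -o on HP-UX.
    owner=$(UNIX95=1 ps -o user= -p "$pid" 2>/dev/null | tr -d ' ')
    [ -n "$owner" ] || { echo "UNKNOWN: pid $pid is not running"; return 2; }
    classify_owner "$(id -u "$owner")" "$(id -Gn "$owner")"
}

# Run the live check only when asked, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_radiusd
fi
```

Invoke the script with `--run` on the AAA host; a FAIL or WARN line means the server's account does not match the recommendation above.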

Table 3-1 File Locations Upon Installation

Directory

File

/opt/aaa/aatv

Server modules and plug-ins

/opt/aaa/bin

Server daemons and utilities:

  • db_srv: Oracle client daemon for the ORACLE authentication module

  • las.test.sh: script to create simulated sessions for testing

  • radcheck: AAA Server test utility (like the ping command)

  • raddbginc: controls server debug output

  • radsignal: controls server debug output and rolls over the server log file and accounting stream

  • radiusd: AAA Server executable

  • radpwtst: AAA test client utility

  • start_db_srv.sh: script to start the Oracle client daemon

  • stop_db_srv.sh: script to stop the Oracle client daemon

/opt/aaa/examples/config

Finite state machine, group policy example files:

  • *.fsm: Sample FSM tables

  • sqlaccess-acct.fsm: Sample FSM required to implement accounting without session management using SQL Access

  • sqlaccess-acct-sess.fsm: Sample FSM required to implement accounting with session management using SQL Access

  • *.grp: Sample decision files

/opt/aaa/examples/sqlaccess/mysql-1

Configuration files and scripts that enable the HP-UX AAA Server to use an ODBC client to interact with a MySQL database:

  • sqlaccess.config: Sample configuration file that defines database connections, SQL statements, and RADIUS - database mappings

  • dbsetup.sql: Script that creates the database tables for the sample configuration and inserts a test user in a database table

NOTE: Refer to Chapter 17 “SQL Access” for details on using the SQL Access feature.

/opt/aaa/examples/sqlaccess/oracle-1

Configuration file and script that enable the HP-UX AAA Server to use an OCI client to interact with an Oracle database server:

  • sqlaccess.config: Sample configuration file that defines database connections, SQL statements, and RADIUS - database mappings

  • dbsetup.sql: Script that creates the database tables for the sample configuration and inserts a test user in a database table

NOTE: Refer to Chapter 17 “SQL Access” for details on using the SQL Access feature.

/opt/aaa/lib/dbcon/alternate

Connector libraries that enable HP-UX AAA Server to communicate with supported database clients:

  • libdbcon_oci.so: OCI client connector library

  • libdbcon_odbc.so: MySQL Unix ODBC client connector library

NOTE: Refer to Chapter 17 “SQL Access” for details on using the client connector libraries.

/opt/aaa/examples/oracle

Scripts to create and modify tables in the Oracle database used by the ORACLE authentication module:

  • create.sql: SQL script to create Oracle users table

  • delete.sql: Sample SQL script to delete Oracle user records

  • insert.sql: Sample SQL script to add Oracle user records

/opt/aaa/examples/proldap

LDAP schema and sample LDIF files

/opt/aaa/lib

Shared libraries:

  • libradlib.sl: Contains functions that interface with the main server

  • librpilib.sl: Contains functions for programs and utilities

  • libjniAgent.sl: Contains functions for Server Manager.

NOTE: Shared library files have .so file extensions on HP-UX 11i v2 (B.11.23) and HP-UX 11i v3 (B.11.31).

/opt/aaa/newconfig

Default configuration files. Files residing here are copied to the /etc/opt/aaa directory during installation.

/etc/opt/aaa/security/

Directory containing a unique set of self-signed digital certificates created during installation.

/opt/aaa/share/man/man5 and ~/man1m

Directories where manpages are installed

/opt/aaa/share/doc/

Directory containing Administrator’s Guide and product documentation.

/etc/opt/aaa

Configuration files:

  • aaa.config: runtime and tunneling configuration file

  • authfile: realm to authentication-type mapping file

  • clients: client to shared secret mapping file

  • db_srv.opt: configuration script for db_srv environment variables

  • dictionary: definition file required by the radiusd daemon

  • las.conf: authorization and accounting configuration file

  • log.config: session logging configuration file

  • radius.fsm: external FSM table for the server

  • users: holds user security profiles and reply items

  • vendors: holds Internet Assigned Numbers Authority (IANA) numbers and other vendor specific details

  • engine.config: stores most of the AAA server properties.

  • EAP.authfile: configures EAP authentication for user profiles

  • iaaaAgent.conf: specifies how often the AAA server’s SNMP subagent will check to see if a master agent is active

  • aaa.config.license: Do not alter this file

  • RADIUS-ACC-SERVER-MIB.txt: describes RADIUS Accounting MIB definitions.

  • RADIUS-AUTH-SERVER-MIB.txt: describes RADIUS Authentication MIB definitions.

 

Table 3-2 “Files Generated During Operation” lists the files generated during operation and located in /var/opt/aaa/ by default:

Table 3-2 Files Generated During Operation

Directory

File

/acct/session.yyyy-mm-dd.log

Default session accounting logs, Merit style

/data/session.las

Currently active sessions log file

/ipc/*.sm

Shared memory files related to the interface used for some authentication types.

IMPORTANT: You must not alter or delete the shared memory (*.sm) files. The server does not operate correctly if the files are changed or removed from the ipc directory.

/logs/logfile

The server log file

/logs/logfile.yyyymmdd

Compressed daily or weekly log files

/radacct/*

For session accounting logs in Livingston call detail records directory style format (not generated by default configuration)

/run/radius.pid

Contains the process id (pid) for the server.

 

© Hewlett-Packard Development Company, L.P.