HP-UX AAA Server A.07.01 Release Notes

HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3
HP Part Number: T1428-90067
Published: September 2008
Copyright © 2002–2008 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license required from HP for possession, use or copying. Consistent with FAR 12.211 and
12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are
licensed to the U.S. Government under vendor’s standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set
forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as
constituting additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
UNIX is a registered trademark of The Open Group.
Java™ is a US trademark of Sun Microsystems.
Microsoft®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.
Oracle® is a registered US trademark of Oracle Corporation, Redwood City, California.
OpenLDAP® is a registered trademark of the OpenLDAP Foundation.
Netscape Navigator™ is a registered trademark of Time Warner, Inc.
Table of Contents
1 HP-UX AAA Server A.07.01 Release Notes
    Product Overview
        Product Features
    What is New in This Version
        OATH Standards-Based OTP Authentication
        Web-Based User Database Administration Manager
        HP-UX AAA Server SDK
        Advanced Policy Engine
    Fixes Included in the HP-UX AAA Server A.07.01
    Obsolescence of Features
        EAP-LEAP
        Oracle Authentication
        SecurID authentication
    Known Problems and Limitations in HP-UX AAA Server A.07.01
        Known Problems
        Known Limitations
    Supplicant Support and Interoperability
        Cisco Secure Services Client Version 5.0
        Juniper Networks Odyssey Access Client Version 4.7
        Microsoft for Windows 2000 (with SP4), Windows XP (SP1 or SP2), and Windows Vista
    OATH-Compliant OTP Generators and Interoperability
        Hard Tokens
        Software (Soft Token)
    Product Documentation
        The Secure LAN Advisor
    Installation Requirements
        Hardware and Operating Systems Requirements
        System Resource Requirements
        Product Requirements
        Patch Requirements
        Web Browser Requirements
        LDAP Compatibility
        SQL Access Requirements
        User Database Administration Manager Requirements
    Availability in Native Languages
List of Tables
1-1 Supported IETF RFCs
1-2 Certified Hard Tokens and their Vendors
1-3 Documentation Installed with the HP-UX AAA Server
1-4 Product Requirements
1-5 Patch Requirements
1-6 SQL Access Requirements for HP-UX AAA Server A.07.01
1-7
1 HP-UX AAA Server A.07.01 Release Notes
This document discusses the most recent product information on HP-UX AAA Server
A.07.01. HP-UX AAA Server A.07.01 is supported on HP-UX 11i v1 (B.11.11), HP-UX
11i v2 (B.11.23), and HP-UX 11i v3 (B.11.31).
This document addresses the following topics:
• “Product Overview”
• “What is New in This Version”
• “Fixes Included in the HP-UX AAA Server A.07.01”
• “Known Problems and Limitations in HP-UX AAA Server A.07.01”
• “Supplicant Support and Interoperability”
• “OATH-Compliant OTP Generators and Interoperability”
• “Product Documentation”
• “Installation Requirements”
• “Availability in Native Languages”
Product Overview
The HP-UX AAA Server utilizes the industry standard Remote Authentication Dial-In
User Service (RADIUS) protocol and Extensible Authentication Protocol (EAP) to
provide standards-based user authentication, authorization, and accounting services
to network devices and software applications.
The HP-UX AAA Server can be used to secure wired and wireless LAN access,
to provide authentication and accounting for Virtual Private Network (VPN) gateways,
firewalls, and other network devices, and to enhance the security of RADIUS-enabled
software applications in Enterprise and Service Provider environments.
Product Features
The HP-UX AAA Server includes the following features:
• OATH Standards-Based OTP and Two-Factor Authentication: Provides Open
AuTHentication (OATH) standards-based One-Time Password (OTP)
authentication to give networks additional protection against phishing attacks,
unauthorized network access, and identity theft. OATH standards-based OTP
authentication in the HP-UX AAA Server can be customized easily to suit various
deployment scenarios. Typically, OTP is used to provide two-factor authentication.
• Web-Based User Database Administration Manager: Provides a customizable
web interface that can be used to manage user and token information stored in a
SQL database.
• HP-UX AAA Server SDK: Server Plug-in Software Developer's Kit (SDK) for
customizing and extending the features of the HP-UX AAA Server. It enables the
creation of plug-ins to customize the implementation of the HP-UX AAA Server.
The HP-UX AAA Server SDK is now provided with the HP-UX AAA Server.
• Advanced Policy Engine: An updated policy engine that provides extended syntax
for complex policy actions to manipulate RADIUS requests and replies based on
attribute content. The default policy files enable the administrator to execute
policies without customizing the Finite State Machine (FSM). This feature includes
substring manipulation.
• Common Database Interface: Supports HP-UX AAA Server interaction with
supported databases via the SQL Access AATV and database client connector
libraries.
• EAP Support for Authenticated LAN Access: Secure wired and wireless LANs
using Extensible Authentication Protocol (EAP) to support 802.1x enabled network
access devices. EAP methods supported include PEAP, TTLS, TLS, LEAP, GTC,
MSCHAPv2, and MD5.
• Multi-Server Session Management: Supports user, group, or custom limits on
concurrent logins to limit simultaneous sessions. Customizable shared session
management for multiple HP-UX AAA Servers is supported via the SQL Access
feature.
• IP Address Management: DHCP interface for centralized administration of IP
Address assignment.
• IPv6 Support: Supports RADIUS IPv6 attributes with HP-UX 11i v1, HP-UX 11i
v2, and HP-UX 11i v3 operating systems. This feature also supports RADIUS
communication over IPv6 transports with HP-UX 11i v2 and HP-UX 11i v3
operating systems.
• SNMP Support: Effectively integrate and manage HP-UX AAA Servers with
SNMP compliant network management tools.
• LDAP Integration: Supports user profile storage and authentication using LDAP
Version 3–compliant directories with request load balancing and failover.
• Web-based Administration: The Server Manager web-based administration utility
provides management and configuration of multiple HP-UX AAA Servers sharing
a common configuration set.
• Secure LAN Advisor: Utility inside the Server Manager administration tool to
help plan, configure, and deploy authenticated LAN access via 802.1x and EAP.
• Robust RADIUS Proxy Capabilities: Forwards authentication and accounting
requests to other RADIUS servers by DNS, realm, or custom criteria with
configurable retry and time-out periods.
• Multi-vendor RADIUS Client Support: Includes pre-defined attribute mappings
for leading network access vendors and a customizable vendor dictionary to
support a wide range of RADIUS clients.
• Flexible and Customized Session Logging: Customize session logs to capture the
desired volume of session and accounting information. Session logging formats
for Merit (default) and Livingston CDR Standard are included. Logging directly
to the database, including shared accounting for multiple HP-UX AAA Servers is
also supported via the SQL Access feature.
• IETF RADIUS RFC Standards: Supports the following IETF RFCs:
Table 1-1 Supported IETF RFCs
RFC#   RFC Title
2284   PPP Extensible Authentication Protocol (EAP)
2619   RADIUS Authentication Server MIB
2621   RADIUS Accounting Server MIB
2716   PPP EAP-TLS Authentication Protocol
2865   Remote Authentication Dial-In User Service (RADIUS)
2866   RADIUS Accounting
2867   RADIUS Accounting Modifications for Tunnel Protocol Support
2868   RADIUS Attributes for Tunnel Protocol Support
2869   RADIUS Extensions
3162   RADIUS and IPv6
4226   HOTP: An HMAC-Based One-Time Password Algorithm
What is New in This Version
HP-UX AAA Server version A.07.01 includes the following new and enhanced features:
• “OATH Standards-Based OTP Authentication”
• “Web-Based User Database Administration Manager”
• “HP-UX AAA Server SDK”
• “Advanced Policy Engine”
OATH Standards-Based OTP Authentication
HP-UX AAA Server A.07.01 now supports OATH standards-based OTP authentication,
which can be used for two-factor authentication.
OATH is an industry-wide collaboration to develop an open reference architecture for
strong authentication. The OATH consortium has developed a set of open royalty-free
algorithms for one-time password authentication. The OATH standards-based OTP
authentication solution uses the HMAC sequence-based One-Time Password (HOTP)
algorithm to generate an OTP, using a secret key and a sequence counter.
The HP-UX AAA Server supports the OATH-standard HOTP algorithm to generate and
validate OTPs, which enables the HP-UX AAA Server to interoperate with other
OATH-compliant HOTP algorithm-based OTP generators.
Normally, the authentication process used by the HP-UX AAA Server is confined to
validating the user password against the password stored in the database. However,
with OTP support, the HP-UX AAA Server can now perform the following additional
functions:
• Validate the OTP
• Proxy the OTP to another RADIUS server for OTP validation
• Generate OTP that can be delivered to target users through secondary channels
using e-mail, SMS, FTP and so on.
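The HOTP generation and validation steps described above, shown as an added example that is not HP code and not part of the original release notes. It follows RFC 4226 (listed in Table 1-1) and goes slightly beyond the text by including that RFC's look-ahead window for counter resynchronization. The function names, the window size, and the in-memory token record are assumptions for illustration, and the secret is the published RFC 4226 test key.

```python
"""HOTP (RFC 4226) generation and counter-based validation (added example)."""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret. A published key must never be deployed.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Return the HOTP value for one (secret key, sequence counter) pair."""
    # Step 1: HMAC-SHA-1 over the counter as an 8-byte big-endian integer.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation. The low 4 bits of the last byte select the
    # offset of a 4-byte window; the most significant bit is masked off.
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Step 3: reduce to the requested number of decimal digits.
    return str(binary % (10 ** digits)).zfill(digits)


def validate_hotp(secret, next_counter, submitted, look_ahead=3, digits=6):
    """Validate a submitted OTP and return (accepted, counter_to_store).

    next_counter is the first counter value the server has not yet accepted.
    The token may be ahead of the server (button pressed without a login),
    so counters next_counter .. next_counter + look_ahead are tried.
    """
    # Reject malformed input before doing any HMAC work.
    if len(submitted) != digits or any(c not in "0123456789" for c in submitted):
        return False, next_counter
    matched = None
    for candidate in range(next_counter, next_counter + look_ahead + 1):
        # compare_digest does not reveal how many leading digits matched.
        if hmac.compare_digest(hotp(secret, candidate, digits), submitted):
            if matched is None:
                matched = candidate
    if matched is None:
        # Failure leaves the stored counter untouched.
        return False, next_counter
    # Success moves the stored counter past the matched value, so the same
    # OTP (and any older one) can never be accepted again.
    return True, matched + 1


def simulate_logins():
    """Run four login attempts against a constructed token record."""
    # Constructed sample record standing in for a row of token information.
    token = {"user": "alice", "secret": RFC_TEST_SECRET, "counter": 0}
    attempts = [
        hotp(RFC_TEST_SECRET, 2),  # token pressed three times, third code sent
        hotp(RFC_TEST_SECRET, 2),  # replay of the code just accepted
        hotp(RFC_TEST_SECRET, 9),  # token too far ahead of the window
        hotp(RFC_TEST_SECRET, 3),  # next legitimate code
    ]
    results = []
    for otp in attempts:
        accepted, token["counter"] = validate_hotp(
            token["secret"], token["counter"], otp)
        results.append((accepted, token["counter"]))
    return results


if __name__ == "__main__":
    for accepted, counter in simulate_logins():
        print("accepted" if accepted else "rejected", "stored counter:", counter)
```

A wider look-ahead window tolerates more token drift but gives an attacker more valid codes to guess per attempt, so it is normally paired with a limit on failed attempts.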
The OATH-based OTP authentication feature provides the HP-UX AAA Server with
the following benefits:
• Secures applications by providing an additional factor (OTP)
• Provides a low-cost solution for implementing OATH standards-based OTP
authentication
• Offers flexibility to configure OATH standards-based OTP authentication for
various deployment scenarios
• Provides compatibility with different types of OATH-compliant OTP generators
The OATH standards-based OTP authentication feature uses the default FSM and the SQL
Access AATV with its components (the database schema, the sqlaccess.conf
files, and the client connector libraries for supported database clients) to retrieve and
update the token information in the SQL database and complete the OTP authentication.
This feature includes a set of reference implementation files that provide a quick and easy
way to set up a working environment with fully functional reference
implementations for basic password and OATH standards-based OTP (two-factor)
authentication. Reference implementations can be used in their current states, or they
can be customized to meet your deployment requirements.
The following README files describe how to implement basic two-factor
authentication based on your implementation requirements:
• /opt/aaa/examples/sqlaccess/oracle-1/: To implement basic two-factor
authentication using the Oracle database server and OCI client, when the token
information is stored in the Oracle database.
• /opt/aaa/examples/sqlaccess/mysql-1/: To implement basic two-factor
authentication using the MySQL database server and MySQL Unix ODBC client,
when the token information is stored in the MySQL database.
NOTE: The HP-UX AAA Server supports only the token information that is stored
in the SQL database.
IMPORTANT NOTES:
After using the sample reference implementation and before deploying your
implementation in a production environment, default passwords for database user,
test user, and the shared secret of the test user must be changed.
For more information, see the “OATH Standards-Based OTP Authentication” chapter
in the HP-UX AAA Server A.07.01 Administrator’s Guide.
Web-Based User Database Administration Manager
The User Database Administration Manager is a web-based interface to manage the
user information stored in the SQL database. This interface is implemented using
HTML, PHP5, and JavaScript, and can be customized to meet your deployment requirements.
Using this interface, an administrator can add users, modify credentials of users, and
delete user information. The interface also enables the administrator to manage profiles
of users who use OATH standards-based OTP tokens.
For information on how to configure the User Database Administration Manager based
on requirements, see the README file available at:
/opt/aaa/examples/sqlaccess/userdb/
For more information on the User Database Administration Manager, see the “SQL
Access” chapter in the HP-UX AAA Server A.07.01 Administrator’s Guide.
HP-UX AAA Server SDK
HP-UX AAA Server A.07.01 supports the SDK to customize the way the HP-UX AAA
Server processes RADIUS requests. This kit is useful in creating plug-ins to extend or
even replace server processes, such as how an authentication or accounting request is
handled. Using this SDK, plug-ins can also be created to handle tasks such as customized
logging of accounting requests, and pre- and post-authentication tasks.
For more information on HP-UX AAA Server SDK, see the HP-UX AAA Server A.07.01
Administrator’s Guide.
Advanced Policy Engine
Advanced Policy Engine is an updated policy engine that provides extended syntax
for complex policy actions to manipulate RADIUS requests and replies based on attribute
content. Policy modules are invoked using the FSM. These modules can be executed
at any time during the processing of the RADIUS packet. The FSM files and the HP-UX
AAA Server are updated with the following predefined policy definition files, which
can be used to define policies without modifying the FSM:
• Request Ingress Policy
• Reply Egress Policy
• Proxy Egress Policy
• Proxy Ingress Policy
The Advanced Policy Engine is compatible with the legacy Group policy syntax. It
enables quick and easy configuration of a variety of dynamic access control policies,
including combinations of time, date, password expiry, and other user-defined attributes.
For more information on Advanced Policy Engine, see the HP-UX AAA Server A.07.01
Administrator’s Guide.
Fixes Included in the HP-UX AAA Server A.07.01
The following defect fixes are included in the A.07.01 release:
QuIX-PCT ID      Description
QXCR1000571844   HP-UX AAA Server A.07.01 supports configuration of the case
                 matching rule for the local users files.
                 Prior to the A.07.01 release, there was an inconsistency between
                 the Server Manager and the server for the case matching rule
                 for the local users files. The Server Manager supported the case
                 ignore search only, whereas the server supported case exact
                 search only. This problem is fixed. The case matching rule for
                 the local users files for both server and Server Manager can now
                 be configured.
QXCR1000529400   HP-UX AAA Server A.07.01 supports Secure Socket Layer (SSL)
                 connection to the Lightweight Directory Access Protocol (LDAP)
                 server. To establish an SSL connection to the LDAP server, the
                 relevant option in the Server Manager must be enabled.
                 Prior to the A.07.01 release, the HP-UX AAA Server did not
                 support the SSL connection to the LDAP server.
QXCR1000742765   HP-UX AAA Server A.07.01 supports the Salted Secure Hash
                 Algorithm (SSHA) encryption mechanism.
QXCR1000583869   Session control for tunneled Extensible Authentication Protocol
                 (EAP) authentications is based on Inner-Identity.
                 Prior to the A.07.01 release, session control was based on
                 Outer-Identity.
QXCR1000583867   The HP-UX AAA Server A.07.01 generates only one session for
                 a tunneled-EAP (PEAP or TTLS) authentication, based on
                 Inner-Identity.
                 Prior to the A.07.01 release, the HP-UX AAA Server generated
                 two sessions for a tunneled EAP (PEAP or TTLS), based on
                 Inner-Identity and Outer-Identity.
QXCR1000742538   HP-UX AAA Server A.07.01 checks for the Check-items in the
                 incoming Access-Request, and replies with the Reply-items in
                 the outgoing Access-Accept response for the EAP Authentication
                 methods.
                 Prior to the A.07.01 release, the HP-UX Server ignored the
                 Check-items and Reply-items for the EAP Authentication
                 methods.
Obsolescence of Features
The HP-UX AAA Server A.07.01 release supports the following authentication methods:
• EAP-LEAP and EAP-PEAP.
• Simple legacy Oracle authentication module and the highly flexible SQL Access.
• RSA SecurID and the emerging Open AuTHentication (OATH) standards-based
One-Time Password (OTP).
Starting with the next release of the HP-UX AAA Server, only the new authentication
methods will be supported. Other authentication methods are deprecated in this release
and will be obsolete in the next release. They are as follows:
EAP-LEAP
The EAP-LEAP authentication method is deprecated in this release and will be obsolete
in the next release of the HP-UX AAA Server. The EAP-LEAP authentication method
is replaced by the new EAP-PEAP authentication method. HP recommends that you
use EAP-PEAP in place of EAP-LEAP for improved security. Unlike EAP-LEAP,
EAP-PEAP supports mutual authentication and uses an encrypted tunnel to transmit
the user's credentials. For more information on EAP-PEAP, see the Securing LAN Access
With EAP chapter in the HP-UX AAA Server A.07.01 Administrator’s Guide at:
http://www.docs.hp.com/en/internet.html#AAA%20Server%20%28RADIUS%29.
Oracle Authentication
The Oracle authentication module is deprecated in this release and will be obsolete in
the next release of the HP-UX AAA Server. The Oracle authentication module is
supported using SQL Access. HP recommends that you set up your HP-UX AAA Server
to interact with the Oracle database using the SQL Access feature. For more information
on implementing SQL Access, see the HP-UX AAA Server A.07.01 Administrator’s Guide
at: http://www.docs.hp.com/en/internet.html#AAA%20Server%20%28RADIUS%29.
SecurID authentication
The SecurID authentication is deprecated in this release and will be obsolete in the next
release of the HP-UX AAA Server. The SecurID authentication can be replaced by Open
AuTHentication (OATH) standards-based One-Time Password (OTP) authentication.
OATH is an industry-wide collaboration to develop an open reference architecture for
strong authentication. The OATH standards-based OTP authentication solution supports
hardware and software tokens from multiple vendors. For more information on the OATH
standards-based OTP authentication solution, see the HP-UX AAA Server A.07.01
Administrator’s Guide at:
http://www.docs.hp.com/en/internet.html#AAA%20Server%20%28RADIUS%29.
Known Problems and Limitations in HP-UX AAA Server A.07.01
This section lists the known problems and limitations of the HP-UX AAA Server A.07.01.
Known Problems
• Degraded RADIUS response time under heavy load due to increased CPU
consumption.
NOTE: This problem occurs with the HP-UX AAA Server A.07.01 on HP 9000
systems running HP-UX 11i v2 or HP-UX 11i v3. HP 9000 systems running HP-UX
11i v1, and HP Integrity® systems running HP-UX 11i v2 or HP-UX 11i v3 are not
affected.
Workaround 1: Utilize the pthread environment variable that minimizes pthread
overhead for the HP-UX AAA Server in the environment where the radiusd
daemon is launched:
$ export PTHREAD_FORCE_SCOPE_SYSTEM=ON
Workaround 2: Install the PHCO_35997 pthread library patch on HP 9000 systems
running HP-UX 11i v2, or PHCO_37477 on HP 9000 systems running HP-UX 11i
v3. These patches are available at:
http://itrc.hp.com
• The HP-UX AAA Server leaks memory when the SQL Access feature uses the
MySQL Unix ODBC/MySQL client to interact with a MySQL database.
NOTE: This problem occurs with the HP-UX AAA Server A.07.01 on HP 9000
systems running HP-UX 11i v2 with the PHSS_31849 (or later) patch only. HP 9000
systems running HP-UX 11i v1 or HP-UX 11i v3, and HP Integrity systems running
HP-UX 11i v2 or HP-UX 11i v3 are not affected.
Workaround: Install PHSS_34858 (linker + fdp cumulative patch) on the HP 9000
system running HP-UX 11i v2, where the radiusd daemon is launched.
• The User Database Administration Manager is not compatible with HP-UX Apache
Web Server B.2.0.59.00.
Workaround: HP-UX Apache Web Server B.2.0.59.00 does not include DB.php,
which is required for the User Database Administration Manager. Upgrade the
HP-UX Apache Web Server to B.2.0.59.04 or later. The latest version of HP-UX
Apache Web Server is available at:
http://software.hp.com
Known Limitations
• Using stored procedure output parameters with MySQL databases will result in
NULL values for SQL Access output mappings. Input mappings can be processed
normally with MySQL stored procedures.
Workaround: Utilize direct SQL statements for SQL Actions requiring output data
from MySQL databases.
• The HP-UX AAA Server does not recognize realm aliases for local realms
configured with local user file storage.
Workaround: Configure separate realms for each alias.
• The HP-UX AAA Server A.07.01 loads all shared libraries in the /opt/aaa/aatv/
directory when starting. Libraries with unresolved external references will cause
the startup to fail. User-created libraries for previous versions of the product may
also fail during execution. Updating the installation replaces only the libraries
originally installed with the product—any user-created libraries will remain.
Workaround: Remove any user-created shared libraries from the /opt/aaa/
aatv/ directory before starting the HP-UX AAA Server.
• Unsupported browsers, including Netscape Navigator 7.0 and Mozilla 1.2.X,
periodically display various Server Manager icons, buttons, and default values
incorrectly.
Workaround: Use a supported browser version with Server Manager.
Supplicant Support and Interoperability
This section lists the supplicants and EAP methods (for each supplicant) certified with
the HP-UX AAA Server A.07.01.
Cisco Secure Services Client Version 5.0
The following EAP methods are certified for the Cisco Secure Services Client (formerly,
Meetinghouse AEGIS SecureConnect) Version 5 supplicant with HP-UX AAA Server
A.07.01:
• EAP-TTLS (PAP, CHAP, MSCHAP, MSCHAPv2, EAP-MD5, EAP-MSCHAPv2)
• LEAP
• EAP-TLS
• PEAP (EAP-GTC, EAP-MSCHAPv2)
The following EAP methods are certified for OATH standards-based OTP authentication
with the Cisco Secure Services Client Version 5.0:
• EAP-TTLS (PAP)
• PEAP (EAP-GTC)
Juniper Networks Odyssey Access Client Version 4.7
The following EAP methods are certified for the Juniper Networks Odyssey (formerly,
Funk Software Odyssey) Access Client Version 4.7 supplicant with the HP-UX AAA
Server A.07.01:
• EAP-TTLS (PAP, CHAP, MSCHAP, MSCHAPv2, EAP-MD5, EAP-MSCHAPv2)
• LEAP
• EAP-TLS
• EAP-MD5
• PEAP (EAP-GTC, EAP-MSCHAPv2)
The following EAP methods are certified for OATH standards-based OTP authentication
with the Juniper Networks Odyssey Access Client Version 4.7:
• EAP-TTLS (PAP)
• PEAP (EAP-GTC)
Microsoft for Windows 2000 (with SP4), Windows XP (SP1 or SP2), and Windows Vista
The following EAP methods are certified for the Microsoft Windows 2000 (with SP4),
Windows XP (SP1 or SP2) and Windows Vista supplicants with the HP-UX AAA Server
A.07.01:
• PEAP (EAP-MSCHAPv2)
• EAP-TLS
OATH-Compliant OTP Generators and Interoperability
This section discusses the HOTP algorithm-based OTP generators (hard token and
software) that are certified for the OATH standards-based OTP authentication with
the HP-UX AAA Server A.07.01.
Hard Tokens
The following table lists the hard tokens that are certified for OATH standards-based
OTP authentication:
Table 1-2 Certified Hard Tokens and their Vendors
Hard Token             Vendor Name
A-Key® 3600 Token      Authenex
Protiva™ 350 Device    Gemalto
Software (Soft Token)
The MobileID v4.50 software, by PortWise, is certified for OATH standards-based OTP
authentication.
Product Documentation
HP-UX AAA Server documentation is available at:
http://www.docs.hp.com
The documents listed in Table 1-3 are also installed with the HP-UX AAA Server.
Table 1-3 Documentation Installed with the HP-UX AAA Server
Document                          Location
Text Release Notes                /opt/aaa/README
Administrator’s Guide             /opt/aaa/share/doc/admin.pdf
Man pages                         /opt/aaa/share/man/
Secure LAN Advisor Help System    Server Manager administration utility
NOTE: The Administrator's Guide may also be accessed via the Server Manager
administration utility.
IMPORTANT: Monitor the HP-UX AAA Server documentation for the most recent
product documentation.
The Secure LAN Advisor
The Secure LAN Advisor is an HTML help system in the Server Manager administration
utility that explains the process of securing LANs and WLANs with the HP-UX AAA
Server, using the Server Manager screens and tasks.
The Secure LAN Advisor provides information only; it does not edit configuration
files. Follow the Secure LAN Advisor and use the Server Manager to create and deploy
basic AAA configurations for securing LANs and WLANs. See the HP-UX AAA Server
A.07.01 Administrator’s Guide on http://docs.hp.com for more information.
Installation Requirements
This section lists the HP-UX AAA Server A.07.01 requirements:
Hardware and Operating Systems Requirements
Following are the hardware and operating systems requirements for installing HP-UX
AAA Server A.07.01:
• Hardware: HP 9000 and HP Integrity Servers
• Operating Systems: HP-UX 11i v1, HP-UX 11i v2, or HP-UX 11i v3
• Minimum of 128 MB memory
• 5 GB disk space
System Resource Requirements
Following are the minimum system resources required to install and run HP-UX AAA
Server A.07.01:
• Disk Space: 5 GB
• Memory: 128 MB
Product Requirements
Table 1-4 lists the product requirements for the HP-UX AAA Server A.07.01 on HP-UX
11i v1, HP-UX 11i v2, and HP-UX 11i v3:
Table 1-4 Product Requirements
Product Requirements
HP-UX 11i v1
HP-UX 11i v2
HP-UX 11i v3
Version
Version
Version
1.4.2.x or higher
1.4.2.x or higher
1.4.2.x or higher
HP-UX Tomcat-based Servlet 1.0.03.x or higher
Engine
1.0.10.01 or higher
B.5.5.9.04 or higher
OpenSSL
A.00.09.07e or higher
A.00.09.08d or higher
HP-UX SDK for Java
A.00.09.07e or higher
All the product requirements can be downloaded at the HP Software Depot
(http://software.hp.com) using the following links:
• HP-UX SDK for Java
• HP-UX Tomcat-based Servlet Engine
• OpenSSL from HP
NOTE: HP-UX Tomcat-based Servlet Engine is a component of HPUXWSSUITE on
HP-UX 11i v1 and HP-UX 11i v2. On HP-UX 11i v3, HP-UX Tomcat-based Servlet
Engine version B.5.5.9.04 is available as part of the core operating environment.
Patch Requirements
Table 1-5 lists the patch requirements for the HP-UX AAA Server A.07.01 on HP-UX
11i v1, HP-UX 11i v2, and HP-UX 11i v3.
Table 1-5 Patch Requirements
Patch Requirements
HP-UX 11i v1
HP-UX 11i v2
HP-UX 11i v3
Version
Version
Version
BUNDLE11i
Required (February 2001 Required (Sep. 2004 or
or later)
later)
Not applicable
PHSS_26946 or later
Required
Not applicable
Not applicable
PHCO_31903 or later
Required
Not applicable
Not applicable
Download the patch dependencies from the Patch/Firmware Database in the
maintenance and support for HP products section of HP’s IT Resource Center at
http://www.itrc.hp.com.
Web Browser Requirements
A Web browser is required to use the Server Manager interface to administer and
configure the HP-UX AAA Servers. Following are the Web browser requirements for
HP-UX AAA Server A.07.01:
• Use only the following web browsers with the HP-UX AAA Server A.07.01—known
interoperability issues exist with other web browser versions:
— Internet Explorer 6.0 or higher with Java 1.4.2.09 or higher
— Mozilla 1.7.12 or higher with Java1.4.x or higher
• Set the browser preferences (Internet options) to “always compare loaded pages
to cached pages”.
NOTE:
Download Mozilla free of charge from HP at:
http://www.hp.com/products1/unix/java/mozilla/index.html
LDAP Compatibility
The HP-UX AAA Server A.07.01 is designed to interoperate with LDAP version 3
compliant directories. HP has certified the HP-UX AAA Server A.07.01 with the
Netscape Directory Server version 6.2, and OpenLDAP version 2.3.39.001.
NOTE: HP recommends the Netscape/Red Hat Directory Server for environments
requiring high performance and availability.
SQL Access Requirements
The HP-UX AAA Server A.07.01 is designed to interoperate with the Oracle OCI and
ODBC compliant database clients/drivers. The database client/driver products are not
included with the HP-UX AAA server, and must be acquired and installed separately.
In addition, the HP-UX AAA Server provides connectors for the client/driver products.
Connectors for the following database clients/drivers are included with this release:
Table 1-6 SQL Access Requirements for HP-UX AAA Server A.07.01
Vendor          Client
Oracle - OCI    Oracle Instant Client Version 10.2.0.2
MySQL - ODBC    MySQL Unix ODBC Client Version 2.2.11/MySQL Client 5.0.22
For information on obtaining additional connectors for other database clients or drivers,
email aaainfo@cup.hp.com.
User Database Administration Manager Requirements
The User Database Administration Manager is designed to operate with the Apache
Web Server, PHP5, PHP database abstraction layer (PEAR DB), and Oracle or MySQL
database clients.
HP has certified the User Database Administration Manager with HP-UX Apache Web
Server version 2.0.58.01 to work with the following database clients:
Table 1-7
Product                 Version
Oracle Install Client   • 9.2.0.2
                        • 8.1.7.0
MySQL Client            5.0.22
The database client and driver are not included with the HP-UX AAA Server. They
must be obtained and installed separately.
Availability in Native Languages
The HP-UX AAA Server A.07.01 is currently available in English only.