System Administration Guide: IP Services

GlobalSecurityParameters Section

The GlobalSecurityParameters section contains the labels MaxClockSkew, HA-FAauth, MN-FAauth, Challenge, and KeyDistribution. This section has the following syntax:


[GlobalSecurityParameters]
     MaxClockSkew = n
     HA-FAauth = <yes/no>
     MN-FAauth = <yes/no>
     Challenge = <yes/no>
     KeyDistribution = files

The Mobile IP protocol provides message replay protection by allowing timestamps to be present in the messages. If the clocks differ, the home agent returns an error to the mobile node with the current time, and the mobile node can register again by using the current time. You use the MaxClockSkew label to configure the maximum number of seconds by which the clocks of the home agent and the mobile node can differ. The default value is 300 seconds.

The HA-FAauth and MN-FAauth labels enable or disable the requirement for home-foreign and mobile-foreign authentication, respectively. By default, both requirements are disabled. You use the Challenge label so that the foreign agent issues challenges to the mobile node in its advertisements. The challenges are used for replay protection. Challenge is also disabled by default.

The following table describes the labels and values that you can use in the GlobalSecurityParameters section.

Table 29–2 GlobalSecurityParameters Section Labels and Values

| Label | Value | Description |
|---|---|---|
| MaxClockSkew | n | The number of seconds that mipagent accepts as a difference between its own local time and the time that is found in registration requests |
| HA-FAauth | yes or no | Specifies if HA-FA authentication extensions must be present in registration requests and replies |
| MN-FAauth | yes or no | Specifies if MN-FA authentication extensions must be present in registration requests and replies |
| Challenge | yes or no | Specifies if the foreign agent includes challenges in its mobility advertisements |
| KeyDistribution | files | Must be set to files |
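The following audit script is an added example, not part of the original guide or of mipagent. It reads the GlobalSecurityParameters section of a configuration file, applies the defaults described above to any label that is missing, and reports which protections are effectively off. The `#` comment syntax, case-insensitive label matching, the function names, and the choice to flag a MaxClockSkew above the default are assumptions of this example.

```python
# Defaults as the section above states them: 300 seconds; the other three disabled.
DEFAULTS = {"maxclockskew": "300", "ha-faauth": "no", "mn-faauth": "no", "challenge": "no"}
SWITCHES = {"ha-faauth": "home-foreign authentication not required",
            "mn-faauth": "mobile-foreign authentication not required",
            "challenge": "foreign agent does not issue challenges"}

def parse_section(conf_text, section="GlobalSecurityParameters"):
    """Collect 'Label = value' pairs that appear under [section] only."""
    values, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            label, value = line.split("=", 1)
            # assumption: labels and yes/no values are matched case-insensitively
            values[label.strip().lower()] = value.strip().lower()
    return values

def audit(conf_text):
    """Return findings for the effective settings (explicit values over defaults)."""
    params = {**DEFAULTS, **parse_section(conf_text)}
    findings = []
    for label, meaning in SWITCHES.items():
        if params[label] not in ("yes", "no"):
            findings.append(f"{label}: invalid value {params[label]!r}")
        elif params[label] == "no":
            findings.append(f"{label}: {meaning}")
    if not params["maxclockskew"].isdecimal():
        findings.append("maxclockskew: not a whole number of seconds")
    elif int(params["maxclockskew"]) > int(DEFAULTS["maxclockskew"]):
        # policy choice of this example: flag windows wider than the default
        findings.append("maxclockskew: accepts a wider clock difference than the default")
    if params.get("keydistribution", "files") != "files":
        findings.append("keydistribution: must be set to files")
    return findings

# Constructed sample file, not taken from a real host.
SAMPLE = """\
[General]
   Version = 1

[GlobalSecurityParameters]
   MaxClockSkew = 900     # wider than the default
   HA-FAauth = yes
   Challenge = no
   KeyDistribution = files
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because MN-FAauth is absent from the sample, the script reports it as not required: an omitted label falls back to the disabled default.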