HP-UX AAA Server A.07.01 Administrator's Guide
For more information on OATH and the HOTP algorithm, see the following web
addresses:
• http://www.openauthentication.org/
• ftp://ftp.rfc-editor.org/in-notes/rfc4226.txt
HP-UX AAA Server and OATH Support
The HP-UX AAA Server supports OATH standards sequence-based OTP
authentication, which enables the HP-UX AAA Server to interoperate with other
OATH-compliant clients.
Normally, the authentication process used by the HP-UX AAA Server is confined to
validating the user password against the password stored in the database. However,
with OTP support, the HP-UX AAA Server can now perform the following additional
functions:
• Validate the OTP
• Proxy the OTP or password to an external RADIUS server for OTP or password
validation
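As an added example (not HP-UX AAA Server code), the sketch below shows what validating a sequence-based OTP involves under RFC 4226, the HOTP specification referenced above. The function names, the six-digit OTP length and the look-ahead window of 3 are assumptions for illustration; the secret is the test value published in RFC 4226 Appendix D.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def validate_otp(secret: bytes, stored_counter: int, submitted: str,
                 window: int = 3):
    """Return (accepted, next_counter) for one authentication attempt.

    The server checks its stored counter plus `window` look-ahead values,
    because the token's counter advances every time the user generates an
    OTP, even one that is never submitted. On success the stored counter
    moves past the matched value, so a captured OTP cannot be replayed.
    """
    for c in range(stored_counter, stored_counter + window + 1):
        # Constant-time comparison avoids leaking matching digits by timing.
        if hmac.compare_digest(hotp(secret, c).encode(), submitted.encode()):
            return True, c + 1
    return False, stored_counter  # failed attempt leaves the counter alone

def demo():
    secret = b"12345678901234567890"  # RFC 4226 Appendix D test secret
    counter = 0
    results = []
    # Constructed sequence: in-sync OTP, token two presses ahead,
    # replay of the previous OTP, and an OTP beyond the window.
    for otp in ["755224", "969429", "969429", "520489"]:
        ok, counter = validate_otp(secret, counter, otp)
        results.append((otp, ok, counter))
    return results

if __name__ == "__main__":
    for otp, ok, counter in demo():
        print(otp, "accept" if ok else "reject", "counter ->", counter)
```

A wider window tolerates more unused token presses but also widens the set of OTP values accepted on any one attempt.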
The OATH standards-based OTP authentication feature enables the HP-UX AAA Server
to offer the following benefits:
• Secures the applications by providing an additional factor (OTP)
• Provides a low-cost solution for implementing OATH standards-based
authentication
• Provides compatibility with different types of client devices
• Offers flexibility to configure OATH standards-based OTP authentication for
various deployment scenarios
Figure 16-1 illustrates the role of the HP-UX AAA Server and its components in handling
OTP, or OTP and password authentication requests.
Figure 16-1 OATH Standards-Based OTP Authentication Flow and the HP-UX AAA Server.
Following is the OTP authentication process flow: