HP-UX AAA Server A.07.01 Administrator's Guide
1. The user requests access to a protected resource by sending the user credentials
(password or OTP, or password and OTP), which are encrypted with the shared
secret, to the authenticator.
The OTP can contain either six, seven, or eight digits.
2. The authenticator forwards the request to the HP-UX AAA Server.
3. Based on the configuration, the HP-UX AAA Server splits the user password into
password and OTP and performs one of the following actions:
• Validates the OTP, or password and OTP.
• Proxies the OTP or password to an external RADIUS server for validation.
4. The HP-UX AAA Server or an external RADIUS server updates the database with
the incremented sequence counter after successful OTP authentication.
5. Based on the success or failure of authentication, the HP-UX AAA Server sends
an Access-Accept or Access-Reject message to the user.
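As an added illustration of steps 3 and 4 (example code, not the HP-UX AAA Server's own implementation), the following Python sketch splits a submitted credential into a static password and a trailing OATH HOTP (RFC 4226) value, validates the OTP against a small counter look-ahead window, and advances the stored sequence counter only after a successful match. The record layout, the trailing-digits split rule, the look-ahead size and the sample secret and password are assumptions of this example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """OATH HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_credential(submitted: str, digits: int):
    """Assumed split rule for this example: the OTP is the trailing 6/7/8
    digits; everything before it is the static password."""
    if len(submitted) <= digits or not submitted[-digits:].isdigit():
        return None
    return submitted[:-digits], submitted[-digits:]

def authenticate(record: dict, submitted: str, lookahead: int = 5) -> bool:
    """Steps 3 and 4 of the flow: validate password + OTP, then advance the
    stored counter only after the OTP matched, so a counter value that has
    already been consumed is never accepted a second time."""
    parts = split_credential(submitted, record["digits"])
    if parts is None:
        return False
    password, otp = parts
    # Static password kept in clear here purely for illustration; a real
    # deployment stores a password verifier (hash) in the SQL database.
    if not hmac.compare_digest(password.encode(), record["password"].encode()):
        return False
    start = record["counter"]
    for c in range(start, start + lookahead + 1):  # tolerate a few skipped token presses
        if hmac.compare_digest(hotp(record["secret"], c, record["digits"]), otp):
            record["counter"] = c + 1              # step 4: increment sequence counter
            return True
    return False

# Constructed token record; the secret is the RFC 4226 test-vector key.
TOKEN_RECORD = {"password": "hunter2", "secret": b"12345678901234567890",
                "counter": 0, "digits": 6}

if __name__ == "__main__":
    print(authenticate(TOKEN_RECORD, "hunter2" + "287082"))  # True, counter -> 2
    print(authenticate(TOKEN_RECORD, "hunter2" + "287082"))  # False, OTP already consumed
```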
NOTE: The HP-UX AAA Server can be configured to generate OTPs that can be
delivered to customers through the secondary channel using SMS, e-mail, FTP, and so
on. Contact your HP Support representative for assistance while configuring the HP-UX
AAA Server to use the secondary channel for OTP delivery.
Components Required to Configure OTP Authentication
The following components, which are required to configure OTP authentication, are
provided with the HP-UX AAA Server:
• Modified Finite State Machine (FSM)
• Database schema files
• The following sample configuration files:
— sqlaccess.config
— Policy configuration files:
◦ oath-proxy-egress.grp
◦ oath-request-ingress.grp
◦ oath-reply-egress.grp
— User Database Administration Manager (This web-based interface enables you
to administer user profiles and token information in the SQL database
effectively.) For more information, see “Administering Users and Tokens Stored
in an SQL Database” (page 237).
The following components required to configure OTP authentication are not provided
with the HP-UX AAA Server:
• SQL database
• OTP generators (typically, token devices or software that generates OTP) with
their inventory files (files that contain the shared secret and other token information)
164 OATH Standards-Based OTP Authentication