HP-UX AAA Server A.07.01 Administrator's Guide

Configuring OTP Authentication on the HP-UX AAA Server
The HP-UX AAA Server uses SQLAccess, the FSM, and policy actions to support OTP
authentication. This feature gives you the flexibility to customize OTP authentication
to suit your deployment scenario.
Sample policy files are provided to simplify the process of configuring the HP-UX AAA
Server to provide password and OTP authentication.
If you are not using the basic or typical configuration (see “Basic or Typical Configuration”),
append the contents of the sample OTP reference implementation files (located in
/opt/aaa/examples/config) to the default policy files (located in /etc/opt/aaa)
using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
# cat /opt/aaa/examples/config/oath-proxy-egress.grp >> /etc/opt/aaa/proxy-egress.grp
In addition, you must complete the necessary configuration to use SQL Access. For
more information, see Chapter 18 (page 207).
NOTE: The oath-proxy-egress.grp file is required only if you are proxying the
OTP or password to an external RADIUS server.
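The append step above in a form that is safe to repeat, as an added example that is not part of the HP guide: it keeps a copy of each policy file before changing it and skips the append when the file already ends with the sample content, because running the cat commands a second time appends the same content twice. The function names, the .pre-otp backup suffix and the tail-comparison check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not HP-supplied. Defaults are the directories named in this
# guide; override EXAMPLES and POLICY to rehearse against scratch copies.
EXAMPLES=${EXAMPLES:-/opt/aaa/examples/config}
POLICY=${POLICY:-/etc/opt/aaa}

# append_once SAMPLE TARGET
# Returns 0 if appended, 1 if TARGET already ends with SAMPLE, 2 on error.
append_once() {
    sample=$1
    target=$2
    [ -r "$sample" ] || { echo "cannot read sample: $sample" >&2; return 2; }
    [ -w "$target" ] || { echo "cannot write policy file: $target" >&2; return 2; }
    size=$(wc -c < "$sample" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "empty sample: $sample" >&2; return 2; }
    # Assumption: a previous append is recognised by the policy file's last
    # $size bytes being identical to the sample file.
    if tail -c "$size" "$target" | cmp -s - "$sample"; then
        echo "unchanged: $target"
        return 1
    fi
    # Keep the first pre-change copy; ".pre-otp" is a hypothetical suffix.
    [ -e "$target.pre-otp" ] || cp -p "$target" "$target.pre-otp" || return 2
    cat "$sample" >> "$target" || return 2
    echo "appended: $sample -> $target"
}

# configure_otp [proxy]
# Pass "proxy" only when the OTP or password is proxied to an external
# RADIUS server, which is the one case that needs oath-proxy-egress.grp.
configure_otp() {
    names="request-ingress reply-egress"
    [ "${1:-}" = proxy ] && names="$names proxy-egress"
    for name in $names; do
        append_once "$EXAMPLES/oath-$name.grp" "$POLICY/$name.grp" ||
            [ $? -eq 1 ] || return 2
    done
    return 0
}

# Run as root on the AAA server:  configure_otp   or   configure_otp proxy
```

The tail comparison only recognises a sample that is still the last content in the policy file; if the file was edited after the append, compare it with its .pre-otp copy before running the function again.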
OTP Authentication Configuration Flowchart
The OTP authentication configuration flowchart (Figure 16-2) included in this section
documents some common deployment scenarios. Compare the scenarios in the
flowchart with your deployment requirements and click the relevant links for more
information about the procedure to follow.
To customize your deployment further, additional configuration attributes and items
are provided that can be configured at a per-user, per-realm, or system-wide
level. For more information on these attributes, see “Attributes for Configuring OTP
Authentication” (page 172). For information on actions and customizing actions, see
“Advanced OTP Authentication Configuration Concepts” (page 169).