HP-UX AAA Server A.07.01 Administrator's Guide

in the same SQL database. For more information on configuring two-factor
authentication in this scenario, follow the instructions in the README file at:
/opt/aaa/example/sqlaccess/oracle-1/README - if you are using an Oracle database
/opt/aaa/example/sqlaccess/mysql-1/README - if you are using a MySQL database
IMPORTANT NOTES:
After using the sample reference implementation and before deploying your
implementation in a production environment, you must change the default
passwords for the database user and the test user, and the shared secret of the
test user.
If the shared secret provided by the token vendor is in hexadecimal format, edit
the /etc/opt/aaa/sqlaccess.config file to change the following entry in
the RetrieveUserAndToken SQL action:
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
to
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
and reload the configuration changes.
If you are using the RetrieveToken SQL action, change the following entry:
DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
to
DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
and reload the configuration changes.
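
Why the conversion matters, as an added example that is not from the HP guide: assuming the token implements HOTP (RFC 4226), the OTP is an HMAC over the raw key bytes, so a hexadecimal secret used as plain text produces codes the token never displays. The helper names and the sample secret (the RFC 4226 test key) are constructed for illustration and do not show how AAASetConvertedHexToBinaryString is implemented.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def secret_to_key(stored: str, is_hex: bool) -> bytes:
    """Turn the value stored in the shared_secret column into HMAC key bytes."""
    if is_hex:
        return bytes.fromhex(stored)  # raises ValueError on malformed hex
    return stored.encode("ascii")


# Constructed sample: the RFC 4226 Appendix D test key, written in
# hexadecimal the way a token vendor might deliver it.
VENDOR_HEX_SECRET = "3132333435363738393031323334353637383930"


def compare(counter: int = 0):
    """Return (OTP with hex converted to binary, OTP with hex used as text)."""
    converted = hotp(secret_to_key(VENDOR_HEX_SECRET, is_hex=True), counter)
    unconverted = hotp(secret_to_key(VENDOR_HEX_SECRET, is_hex=False), counter)
    return converted, unconverted


if __name__ == "__main__":
    good, bad = compare()
    print("token displays:          ", good)
    print("server, hex converted:   ", good)
    print("server, hex used as text:", bad)
```

If valid tokens are rejected after a vendor secret has been loaded, a mismatch between the secret's stored format and the configured conversion is one thing to check.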
Advanced Configuration
Advanced configuration typically requires some extra customization of the feature to
suit your needs. This section also discusses various deployment scenarios. For more
information, see “Advanced Deployment Scenarios” (page 177).
168 OATH Standards-Based OTP Authentication