HP-UX AAA Server A.07.01 Administrator's Guide
Table 16-3 Attributes for Configuring OTP Authentication (continued)
DescriptionConfiguration TypeAttribute Name
Specifies the action to add the checksum while
validating the OTP. If this attribute value is
User, realm, or
system-wide level
configuration
Otp-Add-Checksum
yes, the HP-UX AAA Server calculates the
checksum for the generated OTP.
While validating the OTP, if the calculated
checksum is identical, the HP-UX AAA Server
continues with the OTP validation. If the
calculated checksum is not identical, the
HP-UX AAA Server attempts to resynchronize.
Default Value no
Specifies the SQL action for retrieving the
token information from the database.
Realm level configuration
only
Otp-Retrieve-TokenInfo-
ActionId
Sets the SQL action to be processed after
applying the reply-egress policy (for example,
Realm level configuration
only
Reply-Egress-
ActionId
updating the success or failed authentication
counter).
NOTE: The attributes listed in Table 16-3 are defined in the dictionary file.
The HP-UX AAA Server uses the following precedence rules while executing OTP
authentication requests:
• Attributes configured at the user level are given highest precedence
• Attributes configured at the realm level are given second highest precedence
• If the attributes are not configured on a user or realm level, the system-wide
attributes are given precedence
System-Wide OTP Configuration Items
To configure OTP attributes on a system-wide level, you must use the following syntax
to add the system-wide configurable items, listed in Table 16-4, to the /etc/opt/aaa/
aaa.config file as follows:
otp_lookup_window <10>
otp_token_length <6>
otp_token_lock_counter <6>
otp_add_checksum <no>
174 OATH Standards-Based OTP Authentication