HP-UX AAA Server A.07.01 Administrator's Guide

Table 16-4 System-Wide OTP Configuration Items
Configuration Item: otp_lookup_window
Description: Specifies the size of the look-ahead window. This enables the HP-UX AAA Server to recalculate the next OTP values and check them against the received OTP to synchronize the sequence counter.
Default Value: 10

Configuration Item: otp_token_length
Description: Specifies the OTP length. Tokens can generate OTPs having six, seven, or eight digits.
Default Value: 6

Configuration Item: otp_token_lock_counter
Description: Specifies the lock counter. If the number of consecutive failed authentication attempts is greater than the configured value, where the time interval between two consecutive failed authentication attempts is less than 60 seconds, the HP-UX AAA Server updates the token status to LOCKED.
Default Value: 6

Configuration Item: otp_add_checksum
Description: Specifies whether a checksum is added while validating the OTP. If this attribute value is yes, the HP-UX AAA Server calculates the checksum for the generated OTP. While validating the OTP, if the calculated checksum is identical, the HP-UX AAA Server continues with the OTP validation. If the calculated checksum is not identical, the HP-UX AAA Server attempts to resynchronize.
Default Value: no
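The following added example (not code from this guide or from the HP-UX AAA Server) shows how the look-ahead window, the OTP length and the lock counter from Table 16-4 interact during validation. It assumes counter-based RFC 4226 HOTP tokens, which the guide does not state, and a hypothetical Token record; it also assumes the window counts candidate values starting at the expected counter.

```python
import hashlib
import hmac
import struct

# Defaults from Table 16-4.
OTP_LOOKUP_WINDOW = 10
OTP_TOKEN_LENGTH = 6
OTP_TOKEN_LOCK_COUNTER = 6
FAILURE_INTERVAL = 60  # seconds between failures that count as consecutive


def hotp(secret, counter, digits=OTP_TOKEN_LENGTH):
    """RFC 4226 HOTP value (assumed algorithm) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Hypothetical server-side token record (not the product's schema)."""

    def __init__(self, secret, counter=0, window=OTP_LOOKUP_WINDOW):
        self.secret = secret
        self.counter = counter    # next counter value the server expects
        self.window = window
        self.failures = 0         # consecutive failures inside the interval
        self.last_failure = None
        self.status = "ACTIVE"

    def validate(self, otp, now):
        if self.status == "LOCKED":
            return False
        # Recalculate the next OTP values inside the look-ahead window and
        # compare each one with the received OTP in constant time.
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c).encode(), otp.encode()):
                self.counter = c + 1   # resynchronize the sequence counter
                self.failures = 0
                return True
        # Only failures less than 60 seconds apart extend the streak.
        recent = (self.last_failure is not None
                  and now - self.last_failure < FAILURE_INTERVAL)
        self.failures = self.failures + 1 if recent else 1
        self.last_failure = now
        if self.failures > OTP_TOKEN_LOCK_COUNTER:
            self.status = "LOCKED"
        return False
```

A larger window tolerates more unused token presses but also increases the number of OTP values accepted for any single guess, so it should be sized together with the lock counter.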
Realm Level OTP Attributes
To configure OTP attributes on a realm level, you must modify the sample entry in the
request-ingress.grp file using the following syntax:
    if ((count (User-Name) > 0) && (substr (User-Name after "@" ) = "<realm>"))
    {
        # Add Otp-ActionId attribute, if it is not present in the user request.
        #
        if (count (Otp-ActionId) = 0)
        {
            insert Otp-ActionId = <OTP-ActionId>
            insert Otp-Retrieve-TokenInfo-ActionId = "<SQL action>"
        }
        exit "ACK"
    }
In this example, the Otp-ActionId and Otp-Retrieve-TokenInfo-ActionId
attributes are configured on a per-realm basis. Other realm-level OTP attributes can be
added depending on your configuration.
Configuring OTP Authentication on the HP-UX AAA Server 175