HP-UX AAA Server A.07.01 Administrator's Guide
Configuring OTP Authentication for Tunneled EAP Mechanisms
If you have created EAP tunneled realms using the Server Manager for PEAP (EAP-GTC)
or TTLS (PAP), refer to the following rules for specifying the realms when configuring
OTP authentication:
If you have configured the same inner and outer realms
• If you are using PEAP (EAP-GTC) as the authentication mechanism, replace the
variable <realm> with the configured inner realm name, using the following
syntax in the request-ingress.grp and reply-egress.grp files:
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>/peap"))
• If you are using TTLS (PAP) as the authentication mechanism, replace the variable
<realm> with the configured inner realm name, using the following syntax in the
request-ingress.grp and reply-egress.grp files:
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>/ttls"))
If you have configured different inner and outer realms
If you have configured different inner and outer realms, you must specify the inner
realm name when configuring OTP authentication. For example, if you have configured
an inner realm called otprealm that uses TTLS (PAP) as the authentication mechanism,
specify the realm name in the request-ingress.grp as follows:
if ( (count (User-Name) > 0) && (substr (User-Name after "@" ) = "otprealm" ) )
Specify the realm name in the reply-egress.grp file as follows:
if ( (count (User-Realm) > 0) && (User-Realm = "otprealm"))
NOTE: Creating different inner and outer realms for OTP authentication is supported
only for TTLS (PAP). For information on creating tunneled EAP realms, see “Adding
a Realm” (page 89).
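The following Python check is an added example, not part of the HP guide or the AAA Server tooling. It extracts the realm tested by the condition forms shown above from the text of request-ingress.grp and reply-egress.grp, then reports where the two files disagree or still contain the <realm> placeholder. It assumes only those condition forms matter; the function names and sample strings are constructed for illustration.

```python
import re

# Condition forms shown in this section (whitespace-tolerant).
USER_REALM = re.compile(r'User-Realm\s*=\s*"([^"]+)"')
USER_NAME = re.compile(
    r'substr\s*\(\s*User-Name\s+after\s+"@"\s*\)\s*=\s*"([^"]+)"')

def realms_in(text):
    """Return the set of (realm, tunnel) pairs tested by conditions in text.
    tunnel is the part after "/" (peap or ttls), or None if there is none."""
    found = set()
    for value in USER_REALM.findall(text) + USER_NAME.findall(text):
        realm, _, suffix = value.partition("/")
        found.add((realm, suffix or None))
    return found

def check(ingress_text, egress_text):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    ingress, egress = realms_in(ingress_text), realms_in(egress_text)
    if "<realm>" in ingress_text + egress_text:
        problems.append("placeholder <realm> was not replaced")
    # A realm tested in one file but not the other leaves OTP half-configured.
    for pair in sorted(ingress ^ egress, key=str):
        where = "request-ingress.grp" if pair in ingress else "reply-egress.grp"
        problems.append(
            f"{pair[0]!r} ({pair[1] or 'no suffix'}) appears only in {where}")
    # This section documents only the /peap and /ttls suffixes.
    for realm, tunnel in sorted(ingress | egress, key=str):
        if tunnel not in (None, "peap", "ttls"):
            problems.append(f"suffix {tunnel!r} on realm {realm!r} is not "
                            "one of /peap or /ttls")
    return problems

# Constructed sample contents (condition lines only), mirroring the
# different inner/outer realm case described above.
SAMPLE_INGRESS = ('if ( (count (User-Name) > 0) && '
                  '(substr (User-Name after "@" ) = "otprealm" ) )')
SAMPLE_EGRESS = 'if ( (count (User-Realm) > 0) && (User-Realm = "otprealm"))'

if __name__ == "__main__":
    for line in check(SAMPLE_INGRESS, SAMPLE_EGRESS) or ["conditions agree"]:
        print(line)
```
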
User Level OTP Attributes
To configure OTP attributes on a user level, you must modify the RetrieveToken
SQLAction in the sqlaccess.config file. You can choose to include the user-specific
OTP attributes, listed in Table 16-3 (page 172), using the following syntax: