HP-UX AAA Server A.07.01 Administrator's Guide
SQLAction RetrieveToken {
    {
        input
            RAD(User-Id, REPLY) DBP(userid, 253, CHAR)
        output
            DBR(DBmatchRow) FUNC(NAKonZero)
            DBC(serial_number, 128, CHAR) RAD(Otp-Token-Serial-Number, REPLY)
            DBC(token_status, 128, CHAR) FUNC(AAATokenStatusCheck)
            DBC(seq_counter, 38, CHAR) RAD(HOtp-Seq-Counter, REPLY)
            DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
            DBC(otp_length, 10, INT) RAD(Otp-Token-Length, REPLY)
            DBR(DBretCode) FUNC(RETRIEVEonZero)
        SQLStatement db_oci {
            SELECT serial_number, token_status,
                   seq_counter, shared_secret, otp_length
            FROM RAD_TOKENS_TABLE
            WHERE user_name=:userid
        }
    }
}
In this example, the Otp-Token-Length attribute has been added in the last row. If
you are using the RetrieveUserAndToken SQL action, similar changes are required
there to configure OTP attributes at a user level.
NOTE: The corresponding values for the attributes configured in the
sqlaccess.config file must be stored in the user profile and in RAD_TOKENS_TABLE
in the database.
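The following is an added example, not code from this guide or from the HP-UX AAA
Server. It shows how the seq_counter, shared_secret and otp_length columns returned
by RetrieveToken feed a standard RFC 4226 HOTP check. The look-ahead window, the
"active" status string and the ASCII encoding of the stored secret are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(shared_secret: bytes, seq_counter: int, otp_length: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, truncated to otp_length digits."""
    mac = hmac.new(shared_secret, struct.pack(">Q", seq_counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** otp_length).zfill(otp_length)


def validate(row: dict, submitted: str, window: int = 3):
    """Return the next seq_counter to store on success, or None on failure.

    row mirrors the columns selected by RetrieveToken. The window size and the
    'active' status value are assumptions of this example, not server defaults.
    """
    if row["token_status"] != "active":
        return None
    length = int(row["otp_length"])
    # Reject anything that is not exactly otp_length ASCII digits before comparing.
    if len(submitted) != length or not (submitted.isascii() and submitted.isdigit()):
        return None
    counter = int(row["seq_counter"])  # stored as CHAR in the mapping above
    secret = row["shared_secret"].encode("ascii")  # assumption: raw ASCII secret
    for candidate in range(counter, counter + window + 1):
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, candidate, length), submitted):
            return candidate + 1  # persisting this value rejects replayed OTPs
    return None


# Constructed sample row; the secret is the RFC 4226 Appendix D test key.
SAMPLE_ROW = {
    "serial_number": "EXAMPLE-0001",
    "token_status": "active",
    "seq_counter": "0",
    "shared_secret": "12345678901234567890",
    "otp_length": 6,
}

if __name__ == "__main__":
    print(validate(SAMPLE_ROW, "359152"))  # OTP for counter 2, inside the window
```

If otp_length in the database does not match the length the token actually
generates, every submitted value fails the length check, which is why the
attribute must be stored consistently in the user profile and RAD_TOKENS_TABLE.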
Advanced Deployment Scenarios
This section documents the procedures for configuring OTP and two-factor
authentication in the following deployment scenarios:
• “Validating OTP Alone” (page 178)
• “Configuring Two-Factor Authentication” (page 180)
— “If User and Token Information is in Different SQL Database Tables” (page 180)
— “If User and Token Information is in the Same SQL Database Table” (page 182)
— “If User and Token Information is in Different Databases” (page 185)
• “OTP or Password Validation at External RADIUS Server” (page 187)
— “Validating Password on the Local Server and Forwarding OTP to Another
RADIUS Server” (page 187)
— “Validating OTP on the Local Server and Forwarding Password to Another
RADIUS Server” (page 191)
— “Forwarding OTP and Password to Another RADIUS Server for Validation”
(page 194)
Configuring OTP Authentication on the HP-UX AAA Server 177