HP-UX AAA Server A.07.01 Administrator's Guide
Then…If you have configured …
Replace <realm> with the inner realm name
configured in step 1 using the following syntax:
Tunneled realms with the same inner and outer
realms for EAP authentication
• PEAP (EAP-GTC):
<realm>/peap
Or
• TTLS (PAP):
<realm>/ttls
7. Reload the configuration changes by selecting Reload from the Administration
screen of the Server Manager. If the server is not running, start the HP-UX AAA
Server to read the configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
If User and Token Information is in Different Databases
To configure two-factor authentication if user profile and token information is stored
in different databases, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. Based on the
user profile, configure the realm for the local users file, LDAP, Oracle, or MySQL
database and save the configuration. For more information on configuring the
realm, see “Adding a Realm” (page 89).
2. If not appended, append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files
(located in /etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
3. In the /etc/opt/aaa/request-ingress.grp file, replace the <realm> variable
and configure the Otp-ActionId attribute according to the following rules:
Then …
If you have
configured...
Replace the <realm> variable in the following syntax with the realm name configured
in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
The realm
for RADIUS
standard
password
authentication
insert Otp-ActionId = 112
insert Otp-Retrieve-TokenInfo-ActionId = "RetrieveToken"
exit "ACK"
}
Configuring OTP Authentication on the HP-UX AAA Server 185