HP-UX AAA Server A.07.01 Administrator's Guide

Use the following rules when replacing the <realm> variable with the realm name:

If you have configured: The realm for RADIUS standard password authentication
Then: Replace <realm> with the realm name configured in step 1

If you have configured: Tunneled realms with different inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1

If you have configured: Tunneled realms with the same inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1 using the following syntax:
    PEAP (EAP-GTC): <realm>/peap
    Or
    TTLS (PAP): <realm>/ttls
5. Reload the configuration changes by selecting Reload from the Administration
screen of the Server Manager. If the server is not running, start the HP-UX AAA
Server to read the configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
OTP or Password Validation at External RADIUS Server
This section discusses the following deployment scenarios, in which the OTP or
password must be validated by an external RADIUS server:
“Validating Password on the Local Server and Forwarding OTP to Another RADIUS Server” (page 187)
“Validating OTP on the Local Server and Forwarding Password to Another RADIUS Server” (page 191)
“Forwarding OTP and Password to Another RADIUS Server for Validation” (page 194)
Validating Password on the Local Server and Forwarding OTP to Another RADIUS Server
To configure the HP-UX AAA Server to validate the password and forward the OTP
to another RADIUS server for validation, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. Based on the
user profile, configure the realm for the local users file, LDAP, Oracle or MySQL
database. For more information on configuring the realm, see “Adding a Realm”
(page 89).
Configuring OTP Authentication on the HP-UX AAA Server 187