HP-UX AAA Server A.07.01 Administrator's Guide
Forwarding OTP and Password to Another RADIUS Server for Validation
To forward the OTP and password to another RADIUS server, HP recommends that
you use the Server Manager to forward the complete request to the RADIUS server.
For more information on forwarding requests, see “Configuring Proxies” (page 105).
Predefined Mapping and Conversion Functions
HP provides the following additional predefined mapping functions to configure OTP
authentication:
• The AAASetConvertedHexToBinaryString Conversion Function: This
conversion function is used when the shared secrets for the token generators are
provided as hexadecimal strings. The HMAC algorithm (on which HOTP is
based) requires shared secrets in binary format only. In such scenarios, you can
use the AAASetConvertedHexToBinaryString function to convert a hexadecimal
shared secret to binary format. To use this function, include the following line in
the RetrieveToken SQL action of the /etc/opt/aaa/sqlaccess.config file
(if you are retrieving the shared secret):
DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
To use this function in the RetrieveUserAndToken SQL action, include the
following line in the /etc/opt/aaa/sqlaccess.config file:
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
• The AAATokenStatusCheck Function: This mapping function is used to verify
whether the status of the token is ACTIVE. If the status is ACTIVE, then the HP-UX
AAA Server allows the user to continue with the OTP authentication process. If
the status is ASSIGN, the user has to activate the token using the User Database
Administration Manager. For any other token status, the HP-UX AAA Server
rejects the request and prompts the user to contact the administrator. For more
information about token status, see “Valid Token Status Values” (page 246).
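The following added example (not code from the HP-UX AAA Server or from this guide) shows why the hexadecimal-to-binary conversion described above matters: the same stored value produces different one-time passwords depending on whether the HMAC key is the decoded bytes or the hexadecimal text itself. The function names and the STORED_HEX value are assumptions made for illustration; the secret is the published RFC 4226 test secret.

```python
import binascii
import hashlib
import hmac
import struct


def hex_secret_to_bytes(hex_secret):
    """Decode a hex-encoded shared secret, rejecting malformed values."""
    cleaned = hex_secret.strip()
    if not cleaned or len(cleaned) % 2:
        raise ValueError("hex secret must have an even, non-zero length")
    try:
        return binascii.unhexlify(cleaned)
    except binascii.Error as exc:
        raise ValueError("hex secret contains non-hex characters") from exc


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed sample: the RFC 4226 test secret "12345678901234567890"
# written as hex, standing in for a value held in a shared_secret column.
STORED_HEX = "3132333435363738393031323334353637383930"


def compare(counter):
    """Return (OTP from the decoded key, OTP from the undecoded hex text)."""
    correct = hotp(hex_secret_to_bytes(STORED_HEX), counter)
    # Skipping the conversion: the 40 ASCII hex characters become the key.
    wrong = hotp(STORED_HEX.encode("ascii"), counter)
    return correct, wrong


if __name__ == "__main__":
    for c in range(3):
        good, bad = compare(c)
        print(f"counter={c} decoded-key OTP={good} hex-text-key OTP={bad}")
```

A server that skips the conversion rejects every code a correctly provisioned token generates, so a run of OTP failures right after importing hexadecimal secrets points at this setting rather than at the tokens.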
Sample Configuration Files
This section discusses the syntax of the sample configuration files that are used to
configure OTP authentication in the HP-UX AAA Server. This section addresses the
following topics:
• “The sqlaccess.config Sample File” (page 194)
• “Sample Policy Files”
The sqlaccess.config Sample File
To support OTP authentication, the dbsetup.sql sample file creates an additional
database table, RAD_TOKENS_TABLE, with the following columns:
194 OATH Standards-Based OTP Authentication