HP-UX AAA Server A.07.01 Administrator's Guide
IMPORTANT: If the shared secret provided by the token vendor is in hexadecimal
format, edit the /etc/opt/aaa/sqlaccess.config file to change the following
entry in the RetrieveUserAndToken SQL action:
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
to
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
and reload the configuration changes.
If you are using the RetrieveToken SQL action instead, change the following entry:
DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
to
DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
and reload the configuration changes.
If the shared secret is not provided in hexadecimal format, you must write your own
conversion function to convert the shared secret to binary format. For more information
on writing conversion functions, see Chapter 18 (page 207).
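As an added illustration (not from the HP-UX AAA Server guide and not its conversion-function plugin API), the following Python models what the conversion step above has to accomplish: turn the hexadecimal shared_secret column value into the raw binary key, rejecting malformed values, and show with the RFC 4226 test vector why handing the unconverted hex string to Otp-Shared-Secret produces a different OTP than the token generates. The function names and the sample row are constructed for this example.

```python
import binascii
import hashlib
import hmac
import struct


def hex_secret_to_binary(hex_secret: str) -> bytes:
    """Convert a vendor-supplied hexadecimal shared secret to the raw
    binary key that OTP algorithms expect. Malformed input is rejected
    rather than silently passed through to authentication."""
    cleaned = "".join(hex_secret.split())  # tolerate spacing from vendor files
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    if not cleaned or len(cleaned) % 2:
        raise ValueError("hex shared secret must have an even, non-zero length")
    try:
        return binascii.unhexlify(cleaned)
    except binascii.Error as exc:
        raise ValueError("hex shared secret contains non-hex characters") from exc


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed sample row: the RFC 4226 test secret ("12345678901234567890")
# as a vendor would deliver it in a hexadecimal shared_secret column.
SAMPLE_HEX_SECRET = "3132333435363738393031323334353637383930"


def compare_key_handling(hex_secret: str, counter: int) -> dict:
    """Contrast the OTP derived from the converted binary key with the OTP
    the server would derive if the hex string reached Otp-Shared-Secret
    unconverted (the misconfiguration the note above warns about)."""
    converted = hex_secret_to_binary(hex_secret)
    return {
        "converted_key_otp": hotp(converted, counter),
        "raw_hex_string_otp": hotp(hex_secret.encode("ascii"), counter),
    }


if __name__ == "__main__":
    print(compare_key_handling(SAMPLE_HEX_SECRET, 0))
```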
In addition, the RAD_USERS_TABLE is extended with the following entries:
RAD_USERS_TABLE
security_question
security_answer
mailing_address
mailing_city
mailing_state
mailing_pin
mailing_country
email_id
work_phone
mobile_phone
Sample Policy Files
This section describes the sample policy files that are used for configuring OTP
authentication. This section addresses the following topics:
• “The oath-request-ingress.grp Sample File”
• “The oath-reply-egress.grp Sample File” (page 198)
• “The oath-proxy-egress.grp Sample File” (page 199)
The oath-request-ingress.grp Sample File
The oath-request-ingress.grp file is the primary sample reference implementation
file for configuring OTP authentication. You can configure OTP authentication-related
Configuring OTP Authentication on the HP-UX AAA Server 197