HP-UX AAA Server A.08.00.01 Administrator's Guide

16 OATH Standards-Based OTP Authentication
IMPORTANT: SecurID authentication is obsolete in this release of the HP-UX
AAA Server. SecurID authentication can be replaced by Open AuTHentication
(OATH) standards-based One-Time Password (OTP) authentication. OATH is an
industry-wide collaboration to develop an open reference architecture for strong
authentication. The OATH standards-based OTP authentication solution supports
hardware and software tokens from multiple vendors.
This chapter introduces the Open AuTHentication (OATH) standards-based One-Time
Password (OTP) authentication. It also describes how to enable the HP-UX AAA Server
to provide OTP authentication, and combined OTP and password (two-factor)
authentication, in different deployment scenarios. The term OTP authentication is used
throughout this document to refer to the functionality that enables OTP authentication.
The term two-factor authentication is used for password and OTP authentication.
This chapter addresses the following topics:
“OTP and OATH Overview” (page 174)
“HP-UX AAA Server and OATH Support” (page 175)
“Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP v2” (page 177)
“Components Required to Configure OTP Authentication” (page 178)
“Configuring OTP Authentication on the HP-UX AAA Server” (page 178)
“OTP Authentication Configuration Flowchart” (page 179)
“Basic or Typical Configuration” (page 182)
“Advanced Configuration” (page 183)
“Advanced OTP Authentication Configuration Concepts” (page 183)
“Advanced Deployment Scenarios” (page 194)
“Predefined Mapping and Conversion Functions” (page 212)
“Sample Configuration Files” (page 212)
OTP and OATH Overview
Like a password, an OTP can be used to authenticate a user for access to a network.
An OTP can be used alone or together with a password for authentication. Typically, OTP
is used for two-factor authentication. For example, in large organizations, VPN access
often requires a user name, password, and OTP for remote-user two-factor
authentication. An OTP adds security because the user must enter a different OTP each
time they authenticate to a validation server; a code that has already been used (for
example, one captured in transit) is not accepted again.
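The following added example (not code from the HP-UX AAA Server product) shows how an OATH validation server enforces the "different OTP each time" property: it computes the OATH HOTP value from RFC 4226 for a shared secret and an event counter, and accepts a code only if it lies at or ahead of the stored counter within a small look-ahead window, after which the counter moves past it so the same code is never accepted twice. The user name, secret, and window size are illustrative assumptions.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """OATH HOTP (RFC 4226): HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduction to the requested digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[19] & 0x0F                      # low nibble of last byte
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpValidator:
    """Minimal validation-server state: one moving counter per user.
    A code is accepted only if it matches the stored counter or one of the
    next `look_ahead` counters (token resynchronisation); the stored counter
    then advances past the accepted value, so a replayed OTP always fails."""

    def __init__(self, look_ahead: int = 5):
        self.look_ahead = look_ahead
        self.tokens = {}  # user -> (shared secret, next expected counter)

    def enroll(self, user: str, secret: bytes, counter: int = 0) -> None:
        self.tokens[user] = (secret, counter)

    def validate(self, user: str, otp: str) -> bool:
        if user not in self.tokens:
            return False
        secret, counter = self.tokens[user]
        for c in range(counter, counter + self.look_ahead + 1):
            # constant-time comparison avoids leaking the digit match position
            if hmac.compare_digest(hotp(secret, c), otp):
                self.tokens[user] = (secret, c + 1)  # resync and advance
                return True
        return False


if __name__ == "__main__":
    # Constructed demo using the RFC 4226 test secret (assumption: user "alice")
    server = OtpValidator()
    server.enroll("alice", b"12345678901234567890")
    first = hotp(b"12345678901234567890", 0)
    print("first use:", server.validate("alice", first))   # True
    print("replay:   ", server.validate("alice", first))   # False
```

The RFC 4226 test vectors (secret "12345678901234567890", counters 0 to 9) can be used to confirm the generator against a vendor token before enrolling it.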
174 OATH Standards-Based OTP Authentication