HP-UX AAA Server A.08.00.01 Administrator's Guide
OATH is an industry-wide collaboration to develop an open reference architecture for
strong authentication. The OATH consortium has developed a set of open, royalty-free
algorithms for one-time passwords. The OATH standards-based OTP authentication
solution uses the HMAC-based One-Time Password (HOTP) algorithm to generate an
OTP from a shared secret and a sequence counter.
The HOTP algorithm is a sequence-based (counter-based) algorithm. Any OATH-compliant
client device can interoperate with an OTP validation server that implements the HOTP
algorithm.
For more information on OATH and the HOTP algorithm, see the following web
addresses:
• http://www.openauthentication.org/
• ftp://ftp.rfc-editor.org/in-notes/rfc4226.txt
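The HOTP computation described above (RFC 4226: HMAC-SHA-1 over the counter, dynamic truncation, reduction to six digits) together with the counter-window validation a server performs on the OTP, as an added illustration that is not part of this guide or of the HP-UX AAA Server code. The look-ahead window size and the constructed shared secret (the RFC 4226 test secret) are assumptions made for the example.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, then reduce modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[19] & 0x0F                      # low nibble of last byte
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class HotpValidator:
    """Server-side state for one token: the shared secret plus the next
    counter value the server expects. A look-ahead window (assumed size 10)
    tolerates a client that generated a few OTPs that never reached the
    server; an accepted OTP advances the counter so it cannot be replayed."""

    def __init__(self, secret: bytes, look_ahead: int = 10):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def validate(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            # constant-time comparison; the OTP is a credential
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1             # consume this and earlier values
                return True
        return False                             # unknown, replayed or out of window


# Constructed sample: the ASCII test secret from RFC 4226 Appendix D.
RFC4226_SECRET = b"12345678901234567890"
```

With this secret, counter 0 yields 755224 and counter 1 yields 287082, matching the RFC 4226 test vectors; a replayed 287082 is then rejected.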
HP-UX AAA Server and OATH Support
The HP-UX AAA Server supports OATH standards-based, sequence-based OTP
authentication, which enables it to interoperate with other OATH-compliant
clients.
Normally, the authentication process used by the HP-UX AAA Server is confined to
validating the user password against the password stored in the database. However,
with OTP support, the HP-UX AAA Server can now perform the following additional
functions:
• Validate the OTP
• Proxy the OTP or password to an external RADIUS server for OTP or password
validation
The OATH standards-based OTP authentication feature enables the HP-UX AAA Server
to offer the following benefits:
• Secures the applications by providing an additional factor (OTP)
• Provides a low-cost solution for implementing OATH standards-based
authentication
• Provides compatibility with different types of client devices
• Offers flexibility to configure OATH standards-based OTP authentication for
various deployment scenarios
Figure 16-1 illustrates the role of the HP-UX AAA Server and its components in handling
OTP, or OTP and password authentication requests.