HP-UX AAA Server A.08.00.01 Administrator's Guide

Components Required to Configure OTP Authentication

The following components, which are required to configure OTP authentication, are
provided with the HP-UX AAA Server:

- Modified Finite State Machine (FSM)
- Database schema files
- The following sample configuration files:
    - sqlaccess.config
    - Policy configuration files:
        - oath-proxy-egress.grp
        - oath-request-ingress.grp
        - oath-reply-egress.grp
- User Database Administration Manager (This web-based interface enables you
  to administer user profiles and token information in the SQL database
  effectively.) For more information, see “Administering Users and Tokens Stored
  in an SQL Database” (page 369).

The following components required to configure OTP authentication are not provided
with the HP-UX AAA Server:

- SQL database
- OTP generators (typically, token devices or software that generates OTP) with
  their inventory files (files that contain the shared secret and other token information)

Configuring OTP Authentication on the HP-UX AAA Server

The HP-UX AAA Server uses SQL Access, the FSM, and policy actions to support OTP
authentication. This feature offers the flexibility to customize OTP authentication
depending on the deployment scenarios.

Sample policy files are provided to simplify the process of configuring the HP-UX AAA
Server to provide password and OTP authentication.

If you are not using the basic or typical configuration (“Basic or Typical Configuration”),
append the contents of the sample OTP reference implementation files (located in
/opt/aaa/examples/config) to the default policy files (located in /etc/opt/aaa)
using the following commands:

    # cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
    # cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
    # cat /opt/aaa/examples/config/oath-proxy-egress.grp >> /etc/opt/aaa/proxy-egress.grp

In addition, you must complete the necessary configuration to use SQL Access. For
more information, see Chapter 22 (page 333).
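
The three append commands above are not idempotent: running them a second time writes the OATH sample policy into each default policy file again. The following shell functions are an added example, not part of the HP guide; they back up each policy file and append the sample only if its lines are not already present as one contiguous block. The function names and the `.pre-oath` backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: append the OATH sample policies once, with a backup.
# Defaults are the directories named in this guide; override to rehearse.
SRC_DIR="${SRC_DIR:-/opt/aaa/examples/config}"
DST_DIR="${DST_DIR:-/etc/opt/aaa}"

# contains_block SAMPLE TARGET (hypothetical helper)
# Succeeds if TARGET already holds every line of SAMPLE as one contiguous run.
contains_block() {
    [ -s "$1" ] || return 0          # empty sample: nothing to append
    awk '
        NR == FNR { want[++n] = $0; next }   # first file: sample lines
        { have[++m] = $0 }                   # second file: target lines
        END {
            for (i = 1; i + n - 1 <= m; i++) {
                j = 1
                while (j <= n && have[i + j - 1] == want[j]) j++
                if (j > n) exit 0            # full match starting at line i
            }
            exit 1
        }' "$1" "$2"
}

# append_policy NAME (hypothetical helper)
# Appends oath-NAME.grp to NAME.grp unless it is already there.
append_policy() {
    sample="$SRC_DIR/oath-$1.grp"
    target="$DST_DIR/$1.grp"
    [ -r "$sample" ] || { echo "missing sample: $sample" >&2; return 1; }
    [ -f "$target" ] || { echo "missing policy file: $target" >&2; return 1; }
    if contains_block "$sample" "$target"; then
        echo "$target: OATH policy already present, skipped"
        return 0
    fi
    cp -p "$target" "$target.pre-oath" || return 1   # assumed backup suffix
    cat "$sample" >> "$target" || return 1
    echo "$target: appended $sample"
}

# append_all: the three appends from the guide, stopping at the first error.
append_all() {
    for name in request-ingress reply-egress proxy-egress; do
        append_policy "$name" || return 1
    done
}
```

Call `append_all` as root once the functions are defined; setting SRC_DIR and DST_DIR to scratch copies first lets you diff the result against the `.pre-oath` backup before touching /etc/opt/aaa.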