HP-UX AAA Server A.08.00.01 Administrator's Guide
IMPORTANT NOTES:
• After using the sample reference implementation and before deploying your
implementation in a production environment, you must change the default
passwords for the database user and the test user, and the shared secret of the
test user.
• If the shared secret provided by the token vendor is in ASCII format, edit the
/etc/opt/aaa/sqlaccess.config file to change the following entry in the
RetrieveUserAndToken SQL action:
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
to
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
and reload the configuration changes.
If you are using the RetrieveToken SQL action, then the following entry must
be modified as follows:
DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
to
DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
and reload the configuration changes.
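Added example (not part of the guide or the HP-UX AAA Server product): a Python check that parses the two shared_secret mappings shown above and reports whether a stored secret fits the configured form. The entry syntax (DBC(column, width, type) followed by FUNC(...) or RAD(attribute, direction)) is assumed from the lines shown; it also accepts the RetrieveToken form DBC(shared_secret, 128, CHAR).

```python
import re

# Constructed samples: the two shared_secret mappings the guide shows for the
# RetrieveUserAndToken SQL action (hex vendor secret vs. ASCII vendor secret).
HEX_FORM = "DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)"
ASCII_FORM = "DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)"

# Assumed syntax: DBC(column, width, type) then FUNC(name) or RAD(attribute, direction).
ENTRY_RE = re.compile(
    r"DBC\(\s*(?P<column>[\w.]+)\s*,\s*(?P<width>\d+)\s*,\s*(?P<type>\w+)\s*\)\s*"
    r"(?:FUNC\((?P<func>\w+)\)|RAD\((?P<attr>[\w-]+)\s*,\s*(?P<dir>\w+)\))"
)

def parse_entry(line):
    """Parse one shared_secret mapping; returns None if the line does not match."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["width"] = int(entry["width"])
    entry["expects"] = "hex" if entry["func"] == "AAASetConvertedHexToBinaryString" else "ascii"
    return entry

def is_hex_string(value):
    return len(value) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", value) is not None

def check_secret(entry, stored):
    """Does the stored column value fit the configured mapping? Returns (ok, note)."""
    if len(stored) > entry["width"]:
        return False, "stored value exceeds the %d-char column width" % entry["width"]
    if entry["expects"] == "hex":
        if not is_hex_string(stored):
            return False, "hex-to-binary conversion configured but value is not hex"
        return True, "hex value will be converted to binary before use"
    if is_hex_string(stored):
        return True, "value passes through verbatim; confirm the vendor secret really is ASCII"
    return True, "ASCII value passes through verbatim as Otp-Shared-Secret"

def effective_secret(entry, stored):
    """The byte string the OTP check would actually use under this mapping."""
    if entry["expects"] == "hex":
        return bytes.fromhex(stored)
    return stored.encode("ascii")

if __name__ == "__main__":
    # The same stored value yields different secrets under the two mappings,
    # which is why a mismatched mapping makes every OTP fail.
    for form in (HEX_FORM, ASCII_FORM):
        e = parse_entry(form)
        print(e["expects"], check_secret(e, "31323334"), effective_secret(e, "31323334"))
```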
Advanced Configuration
Advanced configuration typically requires some extra customization of the feature to
suit your needs. This section also discusses various deployment scenarios. For more
information, see “Advanced Deployment Scenarios” (page 194).
Use the following information to understand how to configure the HP-UX AAA Server
and the attributes you can use to customize actions on varying levels.
• “Advanced OTP Authentication Configuration Concepts” (page 183)
— “Attributes for Configuring OTP Authentication” (page 188)
◦ “System-Wide OTP Configuration Items” (page 191)
◦ “Realm Level OTP Attributes” (page 192)
◦ “User Level OTP Attributes” (page 193)
Advanced OTP Authentication Configuration Concepts
The HP-UX AAA Server processes all OTP authentication requests depending on the
bit mask set in the OTP-ActionId attribute in the request-ingress.grp file.
You can configure the HP-UX AAA Server to perform various OTP authentication
tasks by setting the bit masks in the OTP-ActionId attribute and by editing other
configuration files. For more information on the OTP-ActionId attribute, see
Configuring OTP Authentication on the HP-UX AAA Server 183