HP-UX AAA Server A.08.00.01 Administrator's Guide
Table 16-2 Bit Masks to Configure OTP Authentication Tasks (continued)
Action
Support for
MS-CHAP
v2
Support for
RADIUS
Standard
PasswordBit MaskTask
The HP-UX AAA Server removes the OTP
from the incoming password and replaces
NoYes2Removes the OTP
the User-Password attribute with
password. This bit mask must be used if
the User-Password attribute contains the
password and OTP.
The HP-UX AAA Server returns a proxy
event to the FSM. Proxy files can be
NoYes1Sets the proxy event
code
configured to proxy the request to the
proxy target server.
NOTE: The HP-UX AAA Server executes the actions, listed in Table 16-2, in the
predefined descending order of bit masks (from bit mask 7 to bit mask 1).
You can use the bit masks, listed in Table 16-2, in various combinations to configure
OTP authentication, two-factor authentication, and other operations depending on
your deployment scenario.
For example, to validate the password and the OTP (two-factor authentication) using
RADIUS standard password, the HP-UX AAA Server must perform the following
actions:
• Split the password and the OTP (bit mask 7)
• Validate the password (bit mask 6)
• Validate the OTP (bit mask 5)
Figure 16-4 illustrates how you can set the bit mask to validate both password and OTP
(two-factor authentication).
Configuring OTP Authentication on the HP-UX AAA Server 185