HP-UX AAA Server A.08.00.01 Administrator's Guide

Configuring OTP Authentication for Tunneled EAP Mechanisms
If you have created EAP tunneled realms using the Server Manager for PEAP (EAP-GTC)
or TTLS (PAP or MS-CHAP v2), refer to the following rules for specifying the realms
when configuring OTP authentication:
If you have configured the same inner and outer realms
If you are using PEAP (EAP-GTC) as the authentication mechanism, replace the
variable <realm> with the configured inner realm name, using the following
syntax in the request-ingress.grp and reply-egress.grp files:
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>/peap"))
If you are using TTLS (PAP or MS-CHAP v2) as the authentication mechanism,
replace the variable <realm> with the configured inner realm name, using the
following syntax in the request-ingress.grp and reply-egress.grp files:
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>/ttls"))
If you have configured different inner and outer realms
If you have configured different inner and outer realms, you must specify the inner
realm name when configuring OTP authentication. For example, if you have configured
an inner realm called otprealm that uses TTLS (PAP or MS-CHAP v2) as the
authentication mechanism, specify the realm name in the request-ingress.grp as
follows:
if ( (count (User-Name) > 0) && (substr (User-Name after "@" ) = "otprealm" ) )
Specify the realm name in the reply-egress.grp file as follows:
if ( (count (User-Realm) > 0) && (User-Realm = "otprealm"))
NOTE: Creating different inner and outer realms for OTP authentication is supported
only for TTLS (PAP and MS-CHAP v2). For information on creating tunneled EAP
realms, see “Adding a Realm” (page 101).
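The realm rules above can be checked mechanically before the server is restarted. The following is an added example, not part of the HP guide or the AAA server: it builds the condition each file should contain from the mechanism and realm names and reports the files that lack it. The function names, the outer realm name "outerrealm", the sample file text, and the whitespace-insensitive comparison are assumptions made for illustration.

```python
import re

# Condition templates copied from the guide; {r} is the inner realm name.
SAME = {"peap": 'if ( (count (User-Realm) > 0) && (User-Realm = "{r}/peap"))',
        "ttls": 'if ( (count (User-Realm) > 0) && (User-Realm = "{r}/ttls"))'}
DIFF_INGRESS = 'if ( (count (User-Name) > 0) && (substr (User-Name after "@" ) = "{r}" ) )'
DIFF_EGRESS = 'if ( (count (User-Realm) > 0) && (User-Realm = "{r}"))'


def expected_conditions(mechanism, inner, outer):
    """Return {filename: condition} that the guide's rules call for."""
    mech = mechanism.lower()
    if mech not in SAME:
        raise ValueError("mechanism must be 'peap' or 'ttls'")
    if inner == outer:
        cond = SAME[mech].format(r=inner)
        return {"request-ingress.grp": cond, "reply-egress.grp": cond}
    if mech != "ttls":
        # Per the NOTE: different inner/outer realms are supported only for TTLS.
        raise ValueError("different inner and outer realms require TTLS")
    return {"request-ingress.grp": DIFF_INGRESS.format(r=inner),
            "reply-egress.grp": DIFF_EGRESS.format(r=inner)}


def _squash(text):
    """Drop all whitespace (assumption: spacing is not significant here)."""
    return re.sub(r"\s+", "", text)


def missing_conditions(mechanism, inner, outer, files):
    """files maps filename -> file text; returns filenames lacking the condition."""
    want = expected_conditions(mechanism, inner, outer)
    return sorted(name for name, cond in want.items()
                  if _squash(cond) not in _squash(files.get(name, "")))


# Constructed sample: the egress file names the outer realm by mistake.
SAMPLE = {
    "request-ingress.grp":
        'if ((count(User-Name) > 0) && (substr(User-Name after "@") = "otprealm"))',
    "reply-egress.grp":
        'if ( (count (User-Realm) > 0) && (User-Realm = "outerrealm"))',
}

if __name__ == "__main__":
    print(missing_conditions("ttls", "otprealm", "outerrealm", SAMPLE))
```

The check only looks for the condition text, so a line that is present but commented out or placed in the wrong block still passes.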
User Level OTP Attributes
To configure OTP attributes on a user level, you must modify the RetrieveToken
SQLAction in the sqlaccess.config file. You can choose to include the user-specific
OTP attributes, listed in Table 16-4 (page 188), using the following syntax: