Manualshelf

HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
191192193194195196197198199200
Then…If you have configured
Replace <realm> with the inner realm name
configured in step 1 using the following syntax:
Tunneled realms with the same inner and outer
realms for EAP authentication
PEAP (EAP-GTC):
<realm>/peap
Or
TTLS (PAP) or TTLS (MS-CHAP v2):
<realm>/ttls
5. Reload the configuration changes by selecting Reload from the Administration
screen of the Server Manager. If the server is not running, start the HP-UX AAA
Server to read the configuration information.
The HP-UX AAA Server is now configured to validate OTP alone.
Configuring Two-Factor Authentication
This section describes how to configure two-factor authentication in the following
deployment scenarios:
“If User and Token Information is in Different SQL Database Tables” (page 197)
“If User and Token Information is in the Same SQL Database Table” (page 199)
“If User and Token Information is in Different Databases” (page 202)
If User and Token Information is in Different SQL Database Tables
This is the default configuration.
To configure two-factor authentication if user and token information is in different
tables in the same SQL database, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. While
configuring the realm, use the procedure listed in “Configuring Realms for Database
Access via SQL” (page 107). In the User Storage Parameters field, ensure that the
RetrieveUserAndToken SQL action is selected and the configuration is saved.
For more information on configuring the realm, see Adding a Realm” (page 101).
2. If not appended , append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files
(located in /etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
3. In the /etc/opt/aaa/request-ingress.grp file, replace the <realm> variable
and configure the Otp-ActionId attribute according to the following rules:
Configuring OTP Authentication on the HP-UX AAA Server 197