HP-UX AAA Server A.08.00.01 Administrator's Guide
Then …
If you have
configured...
For RADIUS Standard Password, replace the <realm> variable in the following
syntax with the realm name configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
The realm
for RADIUS
standard
password or
insert Otp-ActionId = 112
MS-CHAP
exit "ACK"
}
v2
authentication
For MS-CHAP v2, replace the <realm> variable in the following syntax with the
realm name configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
insert Otp-ActionId = 48
exit "ACK"
}
Replace the <realm> variable in the following syntax with the inner realm name
configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
Tunneled
realms with
different
inner and
insert Otp-ActionId = 112
outer
exit "ACK"
}
realms for
EAP
authentication
Tunneled
realms with
1. Delete the following (default) condition in the request-ingress.grp file:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
same inner
insert Otp-ActionId = 112
and outer
exit "ACK"
}
realms for
EAP
authentication
2. Based on the EAP authentication method you have configured, add one of the
following conditions in the /etc/opt/aaa/request-ingress.grp file, and
replace the <realm> variable with the inner realm name configured in step 1:
• If you have configured the realm for PEAP (EAP-GTC), add the following
condition:
if ((count (User-Realm) > 0) && (User-Realm = "<realm>/peap"))
{
insert Otp-ActionId = 112
exit "ACK"
}
• If you have configured the realm for TTLS (PAP), add the following condition:
if ((count (User-Realm) > 0) && (User-Realm = "<realm>/ttls"))
{
insert Otp-ActionId = 112
exit "ACK"
}
• If you have configured the realm for TTLS (MS-CHAP v2), add the following
condition:
if ((count (User-Realm) > 0) && (User-Realm = "<realm>/ttls"))
{
insert Otp-ActionId = 48
exit "ACK"
}
198 OATH Standards-Based OTP Authentication