HP-UX AAA Server A.08.00.01 Administrator's Guide
3. Modify the following stored procedures in the SQL database for the combined
table:
• update_seq_and_success_count
• update_failedcount_tokenstatus
4. If not already appended, append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files
(located in /etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
5. In the /etc/opt/aaa/request-ingress.grp file, replace the <realm> variable
and configure the Otp-ActionId attribute according to the following rules:
If you have configured the realm for RADIUS standard password or MS-CHAP v2
authentication, then:

For RADIUS Standard Password, replace the <realm> variable in the following
syntax with the realm name configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
    insert Otp-ActionId = 112
    exit "ACK"
}
For MS-CHAP v2, replace the <realm> variable in the following syntax with the
realm name configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
    insert Otp-ActionId = 48
    exit "ACK"
}

If you have configured tunneled realms with different inner and outer realms
for EAP authentication, then:

Replace the <realm> variable in the following syntax with the inner realm name
configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
    insert Otp-ActionId = 112
    exit "ACK"
}
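
A read-only check for steps 4 and 5, added here as an example and not taken from the HP guide: it lists each realm rule in a policy file with its Otp-ActionId and flags a <realm> placeholder that was never replaced or a realm that appears twice (for instance after the step 4 append was run a second time). The function name audit_otp_rules and the realm example.test are assumptions; the rule syntax is the one shown in step 5.

```shell
#!/bin/sh
# Added example (not HP code): read-only audit of the Otp-ActionId rules.
# audit_otp_rules FILE prints "<realm> <Otp-ActionId> <status>" per rule:
#   OK           realm is set and this is its first rule
#   PLACEHOLDER  "<realm>" was never replaced (step 5 unfinished)
#   DUPLICATE    realm already has a rule (sample appended twice?)
# Exit status is 0 only when every rule is OK.
audit_otp_rules() {
    awk '
    # Rule header as the guide shows it: (substr (User-Name after "@") = "...")
    /substr[ \t]*\(User-Name after "@"\)[ \t]*=[ \t]*"/ {
        realm = $0
        sub(/.*after "@"\)[ \t]*=[ \t]*"/, "", realm)  # strip up to opening quote
        sub(/".*/, "", realm)                           # strip from closing quote
        next
    }
    /insert[ \t]+Otp-ActionId[ \t]*=/ && realm != "" {
        id = $0
        sub(/.*=[ \t]*/, "", id)       # keep what follows "="
        sub(/[^0-9].*/, "", id)        # keep the leading digits only
        status = "OK"
        if (realm == "<realm>") status = "PLACEHOLDER"
        else if (seen[realm]++) status = "DUPLICATE"
        if (status != "OK") bad = 1
        print realm, id, status
        realm = ""
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input; example.test is a made-up realm name.
sample="${TMPDIR:-/tmp}/request-ingress.sample.$$"
cat > "$sample" <<'EOF'
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "example.test"))
{
insert Otp-ActionId = 112
exit "ACK"
}
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
insert Otp-ActionId = 48
exit "ACK"
}
EOF
audit_otp_rules "$sample" || echo "review the rules not marked OK"
rm -f "$sample"
```

Run it against a copy of /etc/opt/aaa/request-ingress.grp after step 5; a non-zero exit status means at least one rule still needs attention.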
200 OATH Standards-Based OTP Authentication