HP-UX AAA Server A.08.00.01 Administrator's Guide

If you have configured: Tunneled realms with the same inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1 using the following syntax:
PEAP (EAP-GTC):
<realm>/peap
Or
TTLS (PAP) or TTLS (MS-CHAP v2):
<realm>/ttls
7. Reload the configuration changes by selecting Reload from the Administration
screen of the Server Manager. If the server is not running, start the HP-UX AAA
Server to read the configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
If User and Token Information is in Different Databases
To configure two-factor authentication if user profile and token information is stored
in different databases, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. Based on the
user profile, configure the realm for the local users file, LDAP, Oracle or MySQL
database using SQL Access and save the configuration. For more information on
configuring the realm, see “Adding a Realm” (page 101).
2. If not appended, append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files
(located in /etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
3. In the /etc/opt/aaa/request-ingress.grp file, replace the <realm> variable
and configure the Otp-ActionId attribute according to the following rules:
If you have configured: The realm for RADIUS standard password or MS-CHAP v2 authentication
Then:
For RADIUS Standard Password, replace the <realm> variable in the following
syntax with the realm name configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
    insert Otp-ActionId = 112
    insert Otp-Retrieve-TokenInfo-ActionId = "RetrieveToken"
    exit "ACK"
}
For MS-CHAP v2, replace the <realm> variable in the following syntax with the
realm name configured in Step 1:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
202 OATH Standards-Based OTP Authentication
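Steps 2 and 3 above (append the sample OATH policy "if not appended", then replace the <realm> placeholder), as an added shell example that is not from the HP-UX AAA Server guide. It works in a scratch directory on constructed copies of the policy files; the scratch paths, the stand-in policy fragment and the realm name example.com are assumptions, and on a real server the targets are the /etc/opt/aaa files the guide names.

```shell
#!/bin/sh
# Added example, not part of the HP-UX AAA Server guide: stage constructed
# copies of the policy files in a scratch directory, append the OATH sample
# policy exactly once (the guide says "if not appended"), then replace the
# <realm> placeholder. Paths under the scratch directory are assumptions;
# on a real server the files are /etc/opt/aaa/request-ingress.grp etc.

# append_once SRC DST: append SRC to DST unless DST already ends with the
# contents of SRC, so a second run of the guide's "cat >>" step is harmless.
append_once() {
    src=$1
    dst=$2
    [ -f "$dst" ] || : > "$dst"
    n=$(wc -c < "$src" | tr -d ' ')
    if [ "$n" -gt 0 ] && tail -c "$n" "$dst" | cmp -s - "$src"; then
        return 0    # already appended, nothing to do
    fi
    cat "$src" >> "$dst"
}

# set_realm FILE REALM: replace every <realm> placeholder with REALM.
# '|' is the sed delimiter so tunneled values such as example.com/ttls
# (the <realm>/ttls form from the guide) do not break the expression.
set_realm() {
    file=$1
    realm=$2
    tmp="$file.tmp.$$"
    sed "s|<realm>|$realm|g" "$file" > "$tmp" && mv "$tmp" "$file"
}

# count_otp_rules FILE: how many Otp-ActionId inserts the policy contains;
# more than one for the same realm means the sample was appended twice.
count_otp_rules() {
    grep -c 'insert Otp-ActionId' "$1"
}

# demo: build the constructed files, run the steps, print the scratch dir.
demo() {
    dir=$(mktemp -d)
    # constructed stand-in for /opt/aaa/examples/config/oath-request-ingress.grp
    cat > "$dir/oath-request-ingress.grp" <<'EOF'
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
    insert Otp-ActionId = 112
    insert Otp-Retrieve-TokenInfo-ActionId = "RetrieveToken"
    exit "ACK"
}
EOF
    printf '# existing site policy (constructed)\n' > "$dir/request-ingress.grp"
    append_once "$dir/oath-request-ingress.grp" "$dir/request-ingress.grp"
    append_once "$dir/oath-request-ingress.grp" "$dir/request-ingress.grp"  # no-op
    set_realm "$dir/request-ingress.grp" example.com
    # second copy with a tunneled (TTLS) inner realm value
    cp "$dir/oath-request-ingress.grp" "$dir/tunneled.grp"
    set_realm "$dir/tunneled.grp" example.com/ttls
    printf '%s\n' "$dir"
}
```

The idempotency check only recognises the sample block when it is the last thing in the destination file, which is what the guide's `cat >>` commands produce; if the site policy has been edited below it, compare the files by hand before appending again. Leaving any `<realm>` placeholder unreplaced means the rule never matches a real User-Name, so the OTP action is silently skipped for that realm.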