HP-UX AAA Server A.08.00.01 Administrator's Guide
Use the following rules when replacing the <realm> variable with the realm name:
• If you have configured: The realm for RADIUS standard password authentication
  Then: Replace <realm> with the realm name configured in step 1
• If you have configured: Tunneled realms with different inner and outer realms for EAP authentication
  Then: Replace <realm> with the inner realm name configured in step 1
• If you have configured: Tunneled realms with the same inner and outer realms for EAP authentication
  Then: Replace <realm> with the inner realm name configured in step 1 using the following syntax:
    PEAP (EAP-GTC): <realm>/peap
    Or
    TTLS (PAP) and TTLS (MS-CHAP v2): <realm>/ttls
5. Reload the configuration changes by selecting Reload from the Administration
screen of the Server Manager. If the server is not running, start the HP-UX AAA
Server to read the configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
OTP or Password Validation at External RADIUS Server
This section discusses deployment scenarios where the OTP or password
must be validated by an external RADIUS server. It covers the following
deployment scenarios:
• “Validating Password on the Local Server and Forwarding OTP to Another RADIUS
Server” (page 205)
• “Validating OTP on the Local Server and Forwarding Password to Another RADIUS
Server” (page 209)
• “Forwarding OTP and Password to Another RADIUS Server for Validation”
(page 212)
NOTE: For the MS-CHAP v2 authentication protocol, partial validation of either the OTP or
the password locally and the remaining part at an external RADIUS server is not possible.
The complete validation must be performed at the local HP-UX AAA Server or at an
external RADIUS server.
Validating Password on the Local Server and Forwarding OTP to Another RADIUS Server
To configure the HP-UX AAA Server to validate the password and forward the OTP
to another RADIUS server for validation, complete the following steps:
Configuring OTP Authentication on the HP-UX AAA Server 205