HP-UX AAA Server A.08.00.01 Administrator's Guide
Validating OTP on the Local Server and Forwarding Password to Another RADIUS Server
To configure the HP-UX AAA Server to validate the OTP and forward the password
to another RADIUS server for validation, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. While
configuring the realm, use the procedure listed in “Configuring Realms for Database
Access via SQL” (page 107). In the User Storage Parameters field, ensure that the
RetrieveToken SQL action is selected and the configuration is saved. For more
information on configuring the realm, see “Adding a Realm” (page 101).
2. Configure the proxy target server using the Server Manager and save the
configuration. For more information on configuring proxies, see “Configuring
Proxies” (page 113).
3. If not already appended, append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files
(located in /etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
# cat /opt/aaa/examples/config/oath-proxy-egress.grp >> /etc/opt/aaa/proxy-egress.grp
4. In the /etc/opt/aaa/request-ingress.grp file, replace the <realm> variable
and configure the Otp-ActionId attribute according to the following rules:
If you have configured...
   The realm for RADIUS standard password authentication
Then...
   Replace the <realm> variable in the following syntax with the realm name configured
   in Step 1:
   if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
   {
      insert Otp-ActionId = 83
      exit "ACK"
   }
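The cat commands in step 3 append unconditionally, so running them a second time duplicates the OATH policy in the default files. The following is an added example, not part of the HP guide or the product: an idempotent form of step 3 that also keeps a copy of each file before changing it. The "already appended" test (every line of the sample is already present in the target) and the .pre-oath backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HP guide): idempotent form of the step 3 appends.
# Assumption: a sample counts as "already appended" when every one of its
# lines is already present, as a whole line, in the target policy file.

# append_oath_policy SRC_DIR DST_DIR
# Prints one status line per file; returns non-zero if any file is unusable.
append_oath_policy() {
    src_dir=$1
    dst_dir=$2
    rc=0
    for name in request-ingress reply-egress proxy-egress; do
        src="$src_dir/oath-$name.grp"
        dst="$dst_dir/$name.grp"
        if [ ! -r "$src" ] || [ ! -w "$dst" ]; then
            echo "ERROR: cannot read $src or write $dst" >&2
            rc=1
            continue
        fi
        # Count sample lines not yet in the target (fixed-string, whole-line match).
        missing=$(grep -v -x -F -f "$dst" "$src" | wc -l | tr -d ' ')
        if [ "$missing" -eq 0 ]; then
            echo "SKIP   $dst (sample already present)"
            continue
        fi
        # Keep the first pre-change copy; the .pre-oath suffix is a hypothetical name.
        [ -f "$dst.pre-oath" ] || cp -p "$dst" "$dst.pre-oath"
        cat "$src" >> "$dst"
        echo "APPEND $dst"
    done
    return $rc
}

# Use the paths from step 3 only when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    append_oath_policy /opt/aaa/examples/config /etc/opt/aaa
fi
```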
Configuring OTP Authentication on the HP-UX AAA Server 209