HP-UX AAA Server A.08.00.01 Administrator's Guide

Forwarding OTP and Password to Another RADIUS Server for Validation
To forward the complete request (OTP and password) to another RADIUS server for
validation, HP recommends that you use the Server Manager. For more information on
forwarding requests, see “Configuring Proxies” (page 113).
Predefined Mapping and Conversion Functions
HP provides the following additional predefined mapping functions to configure OTP
authentication:
The AAASetConvertedHexToBinaryString Conversion Function: This
conversion function is used when the shared secrets for the token generators are
provided as hexadecimal strings. The HMAC algorithm (on which HOTP is
based) requires shared secrets in binary format. In such scenarios, you can
use the AAASetConvertedHexToBinaryString function to convert a hexadecimal
shared secret to binary format.
The AAATokenStatusCheck Function: This mapping function is used to verify
whether the status of the token is ACTIVE. If the status is ACTIVE, then the HP-UX
AAA Server allows the user to continue with the OTP authentication process. If
the status is ASSIGN, the user has to activate the token using the User Database
Administration Manager. For any other token status, the HP-UX AAA Server
rejects the request and prompts the user to contact the administrator. For more
information about token status, see “Valid Token Status Values” (page 378).
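The following added example (not HP's code and not part of the original guide) shows in Python why the hexadecimal-to-binary conversion matters for HOTP and how the token status gate described above sits in front of validation. The function names, the return labels of token_gate, and the sample secret (the RFC 4226 test secret) are assumptions made for illustration; counter storage and look-ahead handling are left out.

```python
import hashlib
import hmac
import struct


def hex_secret_to_key(hex_secret: str) -> bytes:
    """Convert a hex-encoded shared secret to the raw bytes HMAC needs."""
    # bytes.fromhex raises ValueError on odd length or non-hex characters.
    return bytes.fromhex(hex_secret.strip())


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_gate(status: str) -> str:
    """Status decision as described in the text (return labels are hypothetical)."""
    if status == "ACTIVE":
        return "continue"        # proceed with OTP authentication
    if status == "ASSIGN":
        return "activate-first"  # user must activate the token first
    return "reject"              # any other status: reject the request


def validate(hex_secret: str, status: str, counter: int, submitted: str) -> bool:
    """Check the token status first, then compare the OTP in constant time."""
    if token_gate(status) != "continue":
        return False
    expected = hotp(hex_secret_to_key(hex_secret), counter)
    return hmac.compare_digest(expected, submitted)


# Constructed sample: the RFC 4226 test secret "12345678901234567890" as hex.
SAMPLE_HEX = "3132333435363738393031323334353637383930"

if __name__ == "__main__":
    print("converted key  :", hotp(hex_secret_to_key(SAMPLE_HEX), 0))
    # Failure mode: using the 40-character hex text itself as the HMAC key
    # produces a different OTP than the token generator does.
    print("unconverted key:", hotp(SAMPLE_HEX.encode("ascii"), 0))
    print("ASSIGN token   :", validate(SAMPLE_HEX, "ASSIGN", 0, "755224"))
```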
Sample Configuration Files
This section discusses the syntax of the sample configuration files that are used to
configure OTP authentication in the HP-UX AAA Server. This section addresses the
following topics:
“The sqlaccess.config Sample File” (page 212)
“Sample Policy Files”
The sqlaccess.config Sample File
To support OTP authentication, the dbsetup.sql sample file creates an additional
database table, RAD_TOKENS_TABLE, with the following columns:
212 OATH Standards-Based OTP Authentication