HP-UX AAA Server A.08.00.01 Administrator's Guide
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>") )
{
In the case of successful authentication, the following sample inserts the
Reply-Egress-ActionId attribute with the SQL action
UpdateSeqenceCounterAndSuccessAuthCount and returns the
POST_REPLY_EGRESS event to update the sequence counter and success
authentication count using SQLAccess.
if (Interlink-Reply-Status = "ACK")
{
if (count (Reply-Egress-ActionId) = 0)
{
insert Reply-Egress-ActionId = "UpdateSequenceCounterAndSuccessAuthCount"
}
exit "POST_REPLY_EGRESS"
}
}
In the case of failed authentication, the following sample inserts the
Reply-Egress-ActionId attribute with the SQL action
UpdateFailedAuthCountAndTokenStatus and returns the POST_REPLY_EGRESS
event to update the failed authentication count and failed lock counter using SQLAccess.
if (Interlink-Reply-Status = "NAK")
{
if (count (Reply-Egress-ActionId) = 0)
{
insert Reply-Egress-ActionId = "UpdateFailedAuthCountAndTokenStatus"
}
exit "POST_REPLY_EGRESS"
}
If the number of consecutive failed authentication attempts is greater than the configured
token lock counter value (default 6), where the time interval between two consecutive
failed authentication attempts is less than 60 seconds, the HP-UX AAA Server updates
the token status to LOCKED.
The oath-proxy-egress.grp Sample File
The oath-proxy-egress.grp sample reference implementation file can be used to
proxy OTP, or password, or both to the remote server for validation.
To proxy the request to the proxy target server, replace the variable <proxyrealm>
with the realm name that is configured in the request-ingress.grp file. You must
also replace the variable <Proxy Target Server or IP Address> with the proxy
target server host name (FQDN) or the IP Address.
if ( (count (User-Realm) > 0) && (User-Realm = "<proxyrealm>") )
{
Configuring OTP Authentication on the HP-UX AAA Server 217