HP-UX AAA Server A.08.02 Administrator's Guide

HP-UX AAA Server and OATH Support
The HP-UX AAA Server supports OATH standards-based, sequence-based OTP authentication, which
enables the HP-UX AAA Server to interoperate with other OATH-compliant clients.
Normally, the authentication process used by the HP-UX AAA Server is confined to validating the
user password against the password stored in the database. However, with OTP support, the HP-UX
AAA Server can now perform the following additional functions:
• Validate the OTP
• Proxy the OTP or password to an external RADIUS server for OTP or password validation
The OATH standards-based OTP authentication feature enables the HP-UX AAA Server to offer the
following benefits:
• Secures the applications by providing an additional factor (OTP)
• Provides a low-cost solution for implementing OATH standards-based authentication
• Provides compatibility with different types of client devices
• Offers flexibility to configure OATH standards-based OTP authentication for various deployment
  scenarios
Figure 48 illustrates the role of the HP-UX AAA Server and its components in handling OTP, or
OTP and password authentication requests.
Figure 48 OATH Standards-Based OTP Authentication Flow and the HP-UX AAA Server.
Following is the OTP authentication process flow:
1. The user requests access to a protected resource by sending the user credentials (password
or OTP, or password and OTP), which are encrypted with the shared secret, to the authenticator.
The OTP can contain six, seven, or eight digits.
2. The authenticator forwards the request to the HP-UX AAA Server.
3. The HP-UX AAA Server validates the OTP and password locally.
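The following Python example, added here and not taken from the HP-UX AAA Server, shows what local validation of a sequence-based OTP of six, seven, or eight digits involves. It assumes the OATH sequence-based algorithm is HOTP as defined in RFC 4226; the function names, the look-ahead `window`, and the sample secret are illustrative assumptions.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, zero-padded to `digits`."""
    if digits not in (6, 7, 8):
        raise ValueError("OTP length must be 6, 7 or 8 digits")
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def validate(secret: bytes, stored_counter: int, otp: str,
             digits: int = 6, window: int = 3):
    """Return (accepted, next_counter) for one submitted OTP.

    Assumption (RFC 4226 look-ahead, not an HP-UX AAA setting): counters
    stored_counter .. stored_counter + window are tried, so a token that
    generated a few unused values still validates. On success the counter
    moves past the matched value, so the same OTP cannot be replayed.
    """
    if len(otp) != digits or not (otp.isascii() and otp.isdigit()):
        return False, stored_counter
    for c in range(stored_counter, stored_counter + window + 1):
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, c, digits), otp):
            return True, c + 1
    return False, stored_counter

# Constructed sample input: the RFC 4226 Appendix D test secret.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    counter = 0
    # First use, replay of the same OTP, token two steps ahead, out of window.
    for attempt in ("755224", "755224", "969429", "520489"):
        ok, counter = validate(SECRET, counter, attempt)
        print(attempt, "accept" if ok else "reject", "next counter:", counter)
```

The server-side counter must be stored per user and updated atomically with the accept decision; otherwise two concurrent requests can both accept the same OTP.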