HP-UX AAA Server A.08.02 Administrator's Guide
on actions and customizing actions, see “Advanced OTP Authentication Configuration Concepts”
(page 134).
Notes:
1. The HP-UX AAA Server supports only the token information that is stored in the SQL database.
2. The HP-UX AAA Server supports only the following EAP authentication methods for OTP
authentication:
• PEAP (EAP-GTC and EAP-MS-CHAPv2)
• TTLS (PAP, MS-CHAPv2, and EAP-MSCHAPv2)
IMPORTANT NOTES:
• After using the sample reference implementation and before deploying your implementation
in a production environment, you must change the default passwords for the database user and
the test user, and the shared secret of the test user.
• If the shared secret provided by the token vendor is in ASCII format, edit the
/etc/opt/aaa/sqlaccess.config file to change the following entry in the
RetrieveUserAndToken SQL action:
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
to
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
and reload the configuration changes.
If you are using the RetrieveToken SQL action, change the following entry:
DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
to
DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
and reload the configuration changes.
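Why the mapping must match the vendor's format, as an added example that is not part of the HP guide: the same stored text becomes a different key, and so different one-time passwords, depending on whether it is hex-decoded or used as ASCII. It assumes the tokens use HOTP (RFC 4226), which the guide does not state; the function names and the sample secret (the RFC 4226 test secret) are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample: the RFC 4226 test secret. It is an ASCII secret made
# only of digits, so it is also a syntactically valid hex string.
SAMPLE_SECRET = "12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (assumed algorithm, not named by the guide)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def key_from_column(stored: str, fmt: str) -> bytes:
    """Turn the shared_secret column text into key bytes.

    fmt="hex"   models a hex-to-binary conversion of the column.
    fmt="ascii" models passing the column through unchanged.
    """
    if fmt == "hex":
        return bytes.fromhex(stored)  # ValueError if not valid hex
    if fmt == "ascii":
        return stored.encode("ascii")
    raise ValueError(f"unknown format: {fmt}")


def otps(stored: str, fmt: str, count: int = 3) -> list:
    """First `count` OTPs the server would expect for this interpretation."""
    key = key_from_column(stored, fmt)
    return [hotp(key, c) for c in range(count)]


def mapping_matches(stored: str, vendor_fmt: str, applied_fmt: str) -> bool:
    """True when server and token derive the same OTP sequence."""
    return otps(stored, vendor_fmt) == otps(stored, applied_fmt)


if __name__ == "__main__":
    print("token (ASCII key):   ", otps(SAMPLE_SECRET, "ascii"))
    print("server (hex-decoded):", otps(SAMPLE_SECRET, "hex"))
    print("match:", mapping_matches(SAMPLE_SECRET, "ascii", "hex"))
```

An ASCII secret that happens to contain only hex digits is converted without any error, so in this model the only symptom of the wrong mapping is that every OTP is rejected.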