HP-UX AAA Server A.08.02 Administrator's Guide

IMPORTANT NOTES:
After using the sample reference implementation and before deploying your implementation
in a production environment, you must change the default passwords for the database user
and the test user, and the shared secret of the test user.
If the shared secret provided by the token vendor is in ASCII format, edit the
/etc/opt/aaa/sqlaccess.config file to change the following entry in the
RetrieveUserAndToken SQL action:
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
to
DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
and reload the configuration changes.
If you are using the RetrieveToken SQL action, change the following entry:
DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
to
DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
and reload the configuration changes.
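The following added example (not part of the HP guide) shows why the mapping must match the vendor's secret format: the same stored string yields a different OTP depending on whether it is decoded as hex or used as ASCII bytes. It assumes event-based OATH tokens (HOTP, RFC 4226) and that the hex mapping decodes hex digits to raw bytes; the function names are hypothetical and the sample secret is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def key_as_hex(stored: str) -> bytes:
    """Treat the stored string as hex digits and convert it to binary."""
    return bytes.fromhex(stored)


def key_as_ascii(stored: str) -> bytes:
    """Use the stored string's characters as the key bytes, unchanged."""
    return stored.encode("ascii")


def matching_format(stored: str, counter: int, token_otp: str) -> list:
    """Return which interpretation(s) of the stored secret reproduce an OTP
    read from the physical token at a known counter value."""
    matches = []
    for name, decode in (("hex", key_as_hex), ("ascii", key_as_ascii)):
        try:
            if hmac.compare_digest(hotp(decode(stored), counter), token_otp):
                matches.append(name)
        except ValueError:
            pass  # not valid hex / not ASCII: this interpretation is impossible
    return matches


# Constructed sample: the RFC 4226 Appendix D test secret in both vendor formats.
ASCII_SECRET = "12345678901234567890"
HEX_SECRET = ASCII_SECRET.encode("ascii").hex()

if __name__ == "__main__":
    print(matching_format(HEX_SECRET, 0, "755224"))    # hex-format record
    print(matching_format(ASCII_SECRET, 0, "755224"))  # ASCII-format record
```

A result of "hex" corresponds to keeping the FUNC(AAASetConvertedHexToBinaryString) entry, and "ascii" to the RAD(Otp-Shared-Secret, REPLY) entry shown above.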
Advanced Configuration
Advanced configuration typically requires some extra customization of the feature to suit your
needs. This section also discusses various deployment scenarios. For more information, see
“Advanced Deployment Scenarios” (page 142).
Use the following information to understand how to configure the HP-UX AAA Server and the
attributes you can use to customize actions on varying levels.
“Advanced OTP Authentication Configuration Concepts” (page 134)
“Attributes for Configuring OTP Authentication” (page 137)
“System-Wide OTP Configuration Items” (page 139)
“Realm Level OTP Attributes” (page 140)
“User Level OTP Attributes” (page 141)
Advanced OTP Authentication Configuration Concepts
The HP-UX AAA Server processes all OTP authentication requests depending on the bit mask set
in the OTP-ActionId attribute in the request-ingress.grp file.
You can configure the HP-UX AAA Server to perform various OTP authentication tasks by setting
the bit masks in the OTP-ActionId attribute and by configuring other configuration files. For
more information on the OTP-ActionId attribute, see “Attributes for Configuring OTP
Authentication” (page 137). Table 35 lists the bit masks that can be used to configure the HP-UX
AAA Server to perform various tasks.
134 OATH Standards-Based OTP Authentication