HP-UX AAA Server A.08.02 Administrator's Guide
Table 37 Attributes for Configuring OTP Authentication (continued)
Default Value no

Attribute Name: Otp-Retrieve-TokenInfo-ActionId
Configuration Type: Realm level configuration only
Description: Specifies the SQL action for retrieving the token information from the database.

Attribute Name: Reply-Egress-ActionId
Configuration Type: Realm level configuration only
Description: Sets the SQL action to be processed after applying the reply-egress policy (for example, updating the success or failed authentication counter).
NOTE: The attributes listed in ??? are defined in the dictionary file.
The HP-UX AAA Server uses the following precedence rules while executing OTP authentication
requests:
• Attributes configured at the user level are given highest precedence
• Attributes configured at the realm level are given second highest precedence
• If the attributes are not configured on a user or realm level, the system-wide attributes are
given precedence
System-Wide OTP Configuration Items
To configure OTP attributes on a system-wide level, add the system-wide configurable items
listed in Table 38 to the /etc/opt/aaa/aaa.config file, using the following syntax:
otp_lookup_window <10>
otp_token_length <6>
otp_token_lock_counter <6>
otp_add_checksum <no>
Table 38 System-Wide OTP Configuration Items
Configuration Item: otp_lookup_window
Description: Specifies the size of the look ahead window. This enables the HP-UX AAA Server to recalculate the next OTP values and check against the received OTP to synchronize the sequence counter.
Default Value 10

Configuration Item: otp_token_length
Description: Specifies the OTP length. Tokens can generate OTPs having six, seven, or eight digits.
Default Value 6

Configuration Item: otp_token_lock_counter
Description: Specifies the lock counter. If the number of consecutive failed authentication attempts is greater than the configured value, where the time interval between two consecutive failed authentication attempts is less than 60 seconds, the HP-UX AAA Server updates the token status to LOCKED.
Default Value 6

Configuration Item: otp_add_checksum
Description: Specifies the action to add the checksum while validating the OTP. If this attribute value is yes, the HP-UX AAA Server calculates the checksum for the generated OTP. While validating the OTP, if the calculated checksum is identical, the HP-UX AAA Server continues with the OTP validation. If the calculated checksum is not identical, the HP-UX AAA Server attempts to resynchronize.
Default Value no
Configuring OTP Authentication on the HP-UX AAA Server 139
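
The look-ahead resynchronization and lock counter described in Table 38, sketched as an added example that is not part of the guide or the product's code. It assumes the tokens use counter-based HOTP (RFC 4226), which the guide does not state; Token, validate, and the exact window and lock interpretations are hypothetical, and otp_add_checksum is not modelled.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value; digits plays the role of otp_token_length."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    """Constructed token record, not the product's database schema."""
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter
        self.failures, self.last_fail, self.status = 0, None, "ACTIVE"

def validate(tok, otp, now, window=10, digits=6, lock_counter=6):
    """Return True if otp is accepted; update counter and lock state."""
    if tok.status == "LOCKED":
        return False
    # Look-ahead (otp_lookup_window): assumed here to cover the expected
    # counter plus the next `window` values.
    for c in range(tok.counter, tok.counter + window + 1):
        if hmac.compare_digest(hotp(tok.key, c, digits), otp):
            tok.counter = c + 1  # resynchronise; used values cannot replay
            tok.failures, tok.last_fail = 0, None
            return True
    # Lock rule (otp_token_lock_counter): a failure extends the run only if
    # it comes less than 60 seconds after the previous failure (assumed reading).
    recent = tok.last_fail is not None and now - tok.last_fail < 60
    tok.failures = tok.failures + 1 if recent else 1
    tok.last_fail = now
    if tok.failures > lock_counter:
        tok.status = "LOCKED"
    return False

if __name__ == "__main__":
    t = Token(b"12345678901234567890")  # RFC 4226 Appendix D test secret
    print(validate(t, "338314", now=0), t.counter)  # token is 4 values ahead
```

A larger window tolerates more unused button presses on the token but also widens the set of values an online guess can hit, which is why it is paired with the lock counter.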