HP-UX AAA Server A.08.02 Administrator's Guide

Use the following rules when replacing the <realm> variable with the realm name:

| If you have configured | Then… |
|---|---|
| The realm for RADIUS standard password authentication | Replace <realm> with the realm name configured in step 1 |
| Tunneled realms with different inner and outer realms for EAP authentication | Replace <realm> with the inner realm name configured in step 1 |
| Tunneled realms with the same inner and outer realms for EAP authentication | Replace <realm> with the inner realm name configured in step 1 using the following syntax: for PEAP (EAP-GTC) or PEAP (EAP-MSCHAPv2), <realm>/peap; or, for TTLS (PAP), TTLS (MS-CHAP v2), or TTLS (EAP-MSCHAPv2), <realm>/ttls |

5. Reload the configuration changes by selecting Reload from the Administration screen of the
Server Manager. If the server is not running, start the HP-UX AAA Server to read the
configuration information.
The HP-UX AAA Server is now configured to validate OTP alone.
Configuring Two-Factor Authentication
This section describes how to configure two-factor authentication in the following deployment
scenarios:
“If User and Token Information is in Different SQL Database Tables” (page 144)
“If User and Token Information is in the Same SQL Database Table” (page 146)
“If User and Token Information is in Different Databases” (page 148)
If User and Token Information is in Different SQL Database Tables
This is the default configuration.
To configure two-factor authentication if user and token information is in different tables in the
same SQL database, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. While configuring the
realm, use the procedure listed in “Configuring Realms for Database Access via SQL”
(page 76). In the User Storage Parameters field, ensure that the RetrieveUserAndToken
SQL action is selected and that the configuration is saved. For more information on configuring
the realm, see “Adding a Realm” (page 72).
2. If they have not already been appended, append the contents of the sample OTP reference
implementation policy files (located in /opt/aaa/examples/config) to the default policy files
(located in /etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
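Because `>>` appends unconditionally, running the commands above a second time duplicates the sample policy content in the live files. The following shell functions are an added example, not part of the HP guide: they perform the "if not appended" check and keep a backup before appending. The function names, the `apply` argument, the `.pre-oath` backup suffix, and the line-based presence check are assumptions of this example.

```shell
#!/bin/sh
# Added example: append a sample policy file to a live policy file only once.
# File paths under "apply" come from the guide; everything else (function
# names, backup suffix, presence heuristic) is an assumption of this example.

# already_appended SRC DST
# Succeeds when every non-blank line of SRC already occurs verbatim as a
# whole line in DST (order is not checked; this is a heuristic).
already_appended() {
    src=$1 dst=$2
    [ -f "$dst" ] || return 1
    # Print SRC lines that match no whole line of DST; any non-blank
    # survivor means the sample content is not fully present.
    if grep -vxFf "$dst" "$src" | grep -q '[^[:space:]]'; then
        return 1
    fi
    return 0
}

# append_once SRC DST
# Appends SRC to DST unless it is already present. Copies DST to a
# timestamped backup first. Prints "appended" or "skipped".
append_once() {
    src=$1 dst=$2
    [ -r "$src" ] || { echo "missing sample file: $src" >&2; return 2; }
    if already_appended "$src" "$dst"; then
        echo "skipped"
        return 0
    fi
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.pre-oath.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    cat "$src" >> "$dst" && echo "appended"
}

# Touch the real configuration only when explicitly asked: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    ex=/opt/aaa/examples/config
    cfg=/etc/opt/aaa
    append_once "$ex/oath-request-ingress.grp" "$cfg/request-ingress.grp"
    append_once "$ex/oath-reply-egress.grp" "$cfg/reply-egress.grp"
fi
```

Run it as root with the `apply` argument; a second run reports `skipped` for both files and leaves them unchanged.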
144 OATH Standards-Based OTP Authentication