HP-UX AAA Server A.08.02 Administrator's Guide

exit "ACK"
}
4. In the /etc/opt/aaa/reply-egress.grp file, replace the <realm> variable with the
realm name configured in step 1, as follows:
if ( (count (User-Realm) > 0) && (User-Realm = <realm>) )
Use the following rules when replacing the <realm> variable with the realm name:

If you have configured: The realm for RADIUS standard password authentication
Then: Replace <realm> with the realm name configured in step 1

If you have configured: Tunneled realms with different inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1

If you have configured: Tunneled realms with the same inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1 using the following syntax:
PEAP (EAP-GTC) or PEAP (EAP-MSCHAPv2):
<realm>/peap
Or
TTLS (PAP), TTLS (MS-CHAP v2), or TTLS (EAP-MSCHAPv2):
<realm>/ttls

5. Reload the configuration changes by selecting Reload from the Administration screen of the
Server Manager. If the server is not running, start the HP-UX AAA Server to read the
configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
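
A check that can be run on the edited file before the reload in step 5, given here as an added example that is not part of the HP guide. The helper names expected_realm and check_reply_egress are hypothetical, and the script assumes the realm value is written directly after "User-Realm =", as in the line shown in step 4.

```shell
#!/bin/sh
# Added example (not from the HP guide): verify step 4 before reloading.

# Map the rules in step 4 to the string that must replace <realm>.
#   radius      - realm for RADIUS standard password authentication
#   tunnel-diff - tunneled EAP, different inner and outer realms
#   peap, ttls  - tunneled EAP, same inner and outer realms
expected_realm() {
    case "$2" in
        radius|tunnel-diff) printf '%s\n' "$1" ;;
        peap)               printf '%s/peap\n' "$1" ;;
        ttls)               printf '%s/ttls\n' "$1" ;;
        *)                  return 2 ;;
    esac
}

# check_reply_egress FILE REALM MODE
# Returns 0 = OK, 1 = <realm> placeholder still present, 2 = unknown MODE,
#         3 = no User-Realm comparison carries the expected value.
check_reply_egress() {
    file=$1
    want=$(expected_realm "$2" "$3") || return 2
    # A literal <realm> left in the file means the edit was not made.
    if grep -F '<realm>' "$file" >/dev/null; then
        return 1
    fi
    # Inspect only User-Realm comparisons. The value must match as a whole
    # token, so "example.com" does not pass for "example.com/peap".
    awk -v want="$want" '
        BEGIN { tok = "[A-Za-z0-9._/-]" }
        /User-Realm *=/ {
            s = $0
            while ((i = index(s, want)) > 0) {
                before = (i > 1) ? substr(s, i - 1, 1) : " "
                after  = substr(s, i + length(want), 1)
                if (before !~ tok && after !~ tok) { found = 1; exit }
                s = substr(s, i + 1)
            }
        }
        END { exit (found ? 0 : 3) }
    ' "$file"
}

# Command-line use: script FILE REALM MODE
if [ "$#" -eq 3 ]; then
    check_reply_egress "$@"
    exit
fi
```

A non-zero exit status means the file should be corrected before selecting Reload.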
If User and Token Information is in the Same SQL Database Table
The default configuration enables you to store user and token information in different database
tables.
To store user and token information in a single table, you must merge the two tables
(RAD_USERS_TABLE and RAD_TOKENS_TABLE) into a single table.
To configure two-factor authentication if user profile and token information is stored in the same
table in the SQL database, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. While configuring the
realm, use the procedure listed in “Configuring Realms for Database Access via SQL”
(page 76). In the User Storage Parameters field, ensure that the RetrieveUserAndToken
SQL action is selected and the configuration is saved. For more information on configuring
the realm, see “Adding a Realm” (page 72).
2. Modify the RetrieveUserAndToken SQL action in the /etc/opt/aaa/sqlaccess.config
file to retrieve user and token information from the combined table.
3. Modify the following stored procedures in the SQL database for the combined table:
update_seq_and_success_count
update_failedcount_tokenstatus
146 OATH Standards-Based OTP Authentication