HP-UX AAA Server A.08.02 Administrator's Guide
insert Otp-Retrieve-TokenInfo-ActionId = "RetrieveToken"
exit "ACK"
}
• If you have configured the realm for TTLS (EAP-MS-CHAP v2), add the following condition:
if ((count (User-Realm) > 0) && (User-Realm = "<realm>/ttls"))
{
insert Otp-ActionId = 48
insert Otp-Retrieve-TokenInfo-ActionId = "RetrieveToken"
exit "ACK"
}
NOTE: In this example, the Otp-Retrieve-TokenInfo-ActionId attribute is configured
to retrieve token information from the SQL database.
4. In the /etc/opt/aaa/reply-egress.grp file, replace the <realm> variable with the
configured realm name in step 1 as follows:
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>") )
Use the following rules when replacing the <realm> variable with the realm name:

If you have configured…                                  Then…
The realm for RADIUS standard password authentication    Replace <realm> with the realm name configured in step 1.
Tunneled realms with different inner and outer realms    Replace <realm> with the inner realm name configured in step 1.
for EAP authentication
Tunneled realms with the same inner and outer realms     Replace <realm> with the inner realm name configured in step 1
for EAP authentication                                   using the following syntax:
                                                         • PEAP (EAP-GTC) or PEAP (EAP-MSCHAPv2):
                                                           <realm>/peap
                                                         Or
                                                         • TTLS (PAP), TTLS (MS-CHAP v2), or TTLS (EAP-MSCHAPv2):
                                                           <realm>/ttls
5. Reload the configuration changes by selecting Reload from the Administration screen of the
Server Manager. If the server is not running, start the HP-UX AAA Server to read the
configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
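As an added illustration of steps 3 and 4 (not part of the HP-UX AAA Server documentation or product), the following Python helper renders the User-Realm condition with <realm> replaced according to the rules in the step 4 table, and scans a rule-file fragment for placeholders that were never replaced, which is the check an administrator wants before reloading the configuration. The function names, the method labels used as dictionary keys, and the sample fragment are assumptions made for this example; the condition syntax and the /peap and /ttls suffixes are taken from the page.

```python
import re

# Suffix the step 4 table prescribes for each authentication method when a
# tunneled realm uses the same inner and outer realm name. The method labels
# (dictionary keys) are this example's own naming, not product identifiers.
SUFFIX_BY_METHOD = {
    "password": "",                # RADIUS standard password authentication
    "peap-gtc": "/peap",           # PEAP (EAP-GTC)
    "peap-mschapv2": "/peap",      # PEAP (EAP-MSCHAPv2)
    "ttls-pap": "/ttls",           # TTLS (PAP)
    "ttls-mschapv2": "/ttls",      # TTLS (MS-CHAP v2)
    "ttls-eap-mschapv2": "/ttls",  # TTLS (EAP-MSCHAPv2)
}

PLACEHOLDER = "<realm>"


def realm_match_value(realm, method, same_inner_outer=True):
    """Return the value the User-Realm check should compare against.

    realm: for password authentication the configured realm name; for
    tunneled EAP methods the inner realm name configured in step 1.
    same_inner_outer: for tunneled realms, whether inner and outer realm
    names are identical (only then is the /peap or /ttls suffix appended).
    """
    if method not in SUFFIX_BY_METHOD:
        raise ValueError(f"unknown authentication method: {method}")
    if not realm or "/" in realm or '"' in realm:
        raise ValueError(f"realm must be a plain name without '/' or quotes: {realm!r}")
    if method == "password" or not same_inner_outer:
        return realm
    return realm + SUFFIX_BY_METHOD[method]


def egress_condition(realm, method, same_inner_outer=True):
    """Render the reply-egress.grp condition line from step 4 with <realm> filled in."""
    value = realm_match_value(realm, method, same_inner_outer)
    return f'if ( (count (User-Realm) > 0) && (User-Realm = "{value}") )'


def unreplaced_placeholders(text):
    """Return 1-based line numbers that still contain the literal <realm> placeholder."""
    return [n for n, line in enumerate(text.splitlines(), 1) if PLACEHOLDER in line]


# Constructed sample fragment in the style of the page's rule blocks: the first
# condition has been edited, the second still carries the placeholder.
SAMPLE_FRAGMENT = '''\
if ( (count (User-Realm) > 0) && (User-Realm = "corp.example/ttls") )
{
insert Otp-ActionId = 48
exit "ACK"
}
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>/peap") )
{
exit "ACK"
}
'''

if __name__ == "__main__":
    print(egress_condition("corp.example", "ttls-mschapv2"))
    print("lines still needing edits:", unreplaced_placeholders(SAMPLE_FRAGMENT))
```

Run the placeholder scan over the edited reply-egress.grp before selecting Reload in step 5; a condition that still compares against the literal string "<realm>" never matches a real realm, so the OTP rule silently does not apply.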
OTP or Password Validation at External RADIUS Server
This section describes deployment scenarios in which the OTP or the password must be validated
by an external RADIUS server:
• “Validating Password on the Local Server and Forwarding OTP to Another RADIUS Server”
(page 151)
• “Validating OTP on the Local Server and Forwarding Password to Another RADIUS Server”
(page 153)
• “Forwarding OTP and Password to Another RADIUS Server for Validation” (page 155)
150 OATH Standards-Based OTP Authentication