HP-UX AAA Server A.08.02 Administrator's Guide
7. Configure the proxy target server for OTP validation as follows:
• If the target proxy server is an HP-UX AAA Server:
1. Configure the proxy server as a client using the same shared secret as the proxy
server. For more information, see “Configuring RADIUS Clients Using the Access
Devices Screen” (page 69).
2. Configure the proxy target server to validate OTP. For more information, see
“Validating OTP Alone” (page 142).
IMPORTANT: While specifying the realm in the remote server’s
request-ingress.grp file, always use the following syntax:
if ((count (User-Name) > 0) && (substr (User-Name after "@") = "<realm>"))
{
    insert Otp-ActionId = 16
    exit "ACK"
}
If you have configured tunneled realms with different inner and outer realms for EAP
authentication, then replace the <realm> variable with the inner realm name.
• If the target proxy server is not an HP-UX AAA Server, see the documentation of the target
RADIUS server to configure OTP authentication.
NOTE: While configuring the proxy target server, you must configure it using the realm name
that you have configured in Step 1.
The HP-UX AAA Server is now configured for validating the password on the local server and
forwarding the OTP to another RADIUS server for validation.
Validating OTP on the Local Server and Forwarding Password to Another RADIUS Server
To configure the HP-UX AAA Server to validate the OTP and forward the password to another
RADIUS server for validation, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. While configuring the
realm, use the procedure listed in “Configuring Realms for Database Access via SQL”
(page 76). In the User Storage Parameters field, ensure that the RetrieveToken SQL action
is selected and the configuration is saved. For more information on configuring the realm, see
“Adding a Realm” (page 72).
2. Configure the proxy target server using the Server Manager and save the configuration. For
more information on configuring proxies, see “Configuring Proxies” (page 81).
3. If not already appended, append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files (located in
/etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
# cat /opt/aaa/examples/config/oath-proxy-egress.grp >> /etc/opt/aaa/proxy-egress.grp
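Step 3 says to append only if the samples have not been appended already, and running `cat >>` a second time would duplicate the OTP policy blocks. The following is an added example, not part of the HP guide: a POSIX shell wrapper that checks for the sample content before appending and keeps a backup of each live policy file. The function names and the `.pre-otp` backup suffix are assumptions made for this example; the paths are the ones given in step 3.

```shell
#!/bin/sh
# Added example (not from the HP-UX AAA Server guide).
# Appends each sample OTP policy file to its live policy file only once.

# Succeeds if every line of $1 appears in $2 as one contiguous block.
contains_block() {
    awk '
        NR == FNR { want[++n] = $0; next }   # first file: the sample
        { have[++m] = $0 }                   # second file: the live policy
        END {
            for (i = 1; i + n - 1 <= m; i++) {
                j = 1
                # "" forces string comparison even for numeric-looking lines
                while (j <= n && (have[i + j - 1] "") == (want[j] "")) j++
                if (j > n) exit 0
            }
            exit 1
        }' "$1" "$2"
}

# $1 = sample policy file, $2 = live policy file
append_once() {
    src=$1 dst=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 2; }
    [ -f "$dst" ] || { echo "missing: $dst" >&2; return 2; }
    if contains_block "$src" "$dst"; then
        echo "already appended, skipping: $dst"
        return 0
    fi
    # Backup suffix is an assumption of this example, not an HP convention.
    cp -p "$dst" "$dst.pre-otp" || return 2
    cat "$src" >> "$dst" && echo "appended $src to $dst"
}

# $1 = sample directory, $2 = live configuration directory (defaults from step 3)
append_otp_policies() {
    ex=${1:-/opt/aaa/examples/config} conf=${2:-/etc/opt/aaa}
    for name in request-ingress reply-egress proxy-egress; do
        append_once "$ex/oath-$name.grp" "$conf/$name.grp" || return 1
    done
}

# Touch the real files only when asked to: sh thisfile.sh --apply
if [ "${1:-}" = "--apply" ]; then
    append_otp_policies
fi
```

If a live policy file was edited after the samples were appended, the block check no longer matches and the file should be reviewed by hand before running the wrapper again.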
Configuring OTP Authentication on the HP-UX AAA Server 153