HP-UX AAA Server A.08.02 Administrator's Guide

Then…If you have configured
<realm>/peap
Or
TTLS (PAP):
<realm>/ttls
6. In the proxy-egress.grp file, replace the <proxyrealm> variable with the realm name,
and the <Proxy Target Server or IP Address> variable with the proxy target server
host name (FQDN) or the IP Address that is configured in Step 2, as follows:
    if ( (count (User-Realm) > 0) && (User-Realm = "<proxyrealm>") )
    {
        modify Interlink-Proxy-Target = "<Proxy Target Server or IP Address>"
        exit "ACK"
    }
NOTE: While specifying the realm, ensure the following:
- The realm name is identical to the name used while configuring the realm (Step 1).
- The realm is specified using the realm specification rules listed in Step 5.
7. Reload the configuration changes by selecting Reload from the Administration screen of the
Server Manager. If the server is not running, start the HP-UX AAA Server to read the
configuration.
8. Configure the proxy target server for password validation as follows:
If the target proxy server is an HP-UX AAA Server:
1. Configure the proxy server as a client using the same shared secret as the proxy
server. For more information, see “Configuring RADIUS Clients Using the Access
Devices Screen” (page 69).
2. Configure the proxy target server to validate the password. For more information, see
“Adding a Realm” (page 72).
If the target proxy server is not an HP-UX AAA Server, see the documentation of the target
RADIUS server to configure OTP authentication.
NOTE: While configuring the proxy target server, you must configure it using the realm name
that you configured in Step 1.
The HP-UX AAA Server is now configured for OTP validation at the local server and password
validation at the external server.
Forwarding OTP and Password to Another RADIUS Server for Validation
To forward the complete request (OTP and password) to another RADIUS server, HP recommends
that you use the Server Manager. For more information on forwarding requests, see
“Configuring Proxies” (page 81).
Predefined Mapping and Conversion Functions
HP provides the following additional predefined mapping functions to configure OTP authentication:
The AAASerConvertedHexToBinaryString Conversion Function: This conversion function
is used when the shared secrets for the token generators are provided as hexadecimal strings.
The HMAC algorithm (on which the HOTP is based) requires shared secrets only in binary
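Why the hex-to-binary step matters, as an added Python example (not HP's code and not the AAASerConvertedHexToBinaryString implementation): the same RFC 4226 HOTP computation is run with the decoded key bytes and with the undecoded hex text. The function names and the look-ahead window size are assumptions made for illustration; the secret is the published RFC 4226 Appendix D test value.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890"), hex-encoded
# the way a token vendor's seed file might deliver it. Public test value only.
RFC4226_HEX_SECRET = "3132333435363738393031323334353637383930"


def hex_secret_to_bytes(hex_secret: str) -> bytes:
    """Decode a hex-encoded token secret into the raw key bytes HMAC expects."""
    cleaned = "".join(hex_secret.split())  # tolerate spaces/newlines in seed files
    if not cleaned or len(cleaned) % 2 != 0:
        raise ValueError("hex secret is empty or has an odd number of digits")
    try:
        return bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError("hex secret contains non-hexadecimal characters") from exc


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(key: bytes, submitted: str, counter: int, look_ahead: int = 3):
    """Return the next counter on success, else None (window size is assumed)."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key, c), submitted):  # constant-time compare
            return c + 1
    return None


if __name__ == "__main__":
    key = hex_secret_to_bytes(RFC4226_HEX_SECRET)
    undecoded = RFC4226_HEX_SECRET.encode()  # the mistake: hex text used as the key
    for c in range(3):
        print(c, "decoded:", hotp(key, c), "undecoded:", hotp(undecoded, c))
```

Using the undecoded hex text as the key produces well-formed six-digit codes that never match the token, so the symptom is a steady stream of rejected OTPs rather than a configuration error.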