HP-UX AAA Server A.08.02 Administrator's Guide

format. In such scenarios, you can use the AAASetConvertedHexToBinaryString function
to convert the hexadecimal shared secret to binary format.
The AAATokenStatusCheck Function: This mapping function is used to verify whether the
status of the token is ACTIVE. If the status is ACTIVE, then the HP-UX AAA Server allows the
user to continue with the OTP authentication process. If the status is ASSIGN, the user has to
activate the token using the User Database Administration Manager. For any other token
status, the HP-UX AAA Server rejects the request and prompts the user to contact the
administrator. For more information about token status, see “Valid Token Status Values”
(page 280).
Sample Configuration Files
This section discusses the syntax of the sample configuration files that are used to configure OTP
authentication in the HP-UX AAA Server. This section addresses the following topics:
“The sqlaccess.config Sample File” (page 156)
“Sample Policy Files” (page 158)
The sqlaccess.config Sample File
To support OTP authentication, the dbsetup.sql sample file creates an additional database
table, RAD_TOKENS_TABLE, with the following columns:
RAD_TOKENS_TABLE
serial_number
user_name
manufacturer
token_status
seq_counter
shared_secret
otp_length
lookup_window
checksum
activation_code
success_auth_count
failed_auth_count
failed_lock_count
locktime
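The following Python example is added here to show how the pieces described above fit together at authentication time; it is not code from the HP-UX AAA Server or from its sample configuration files. It models one RAD_TOKENS_TABLE row as an in-memory object using the column names listed above, converts the hexadecimal shared_secret to raw bytes in the way AAASetConvertedHexToBinaryString does, applies the ACTIVE/ASSIGN/other decision of AAATokenStatusCheck, and verifies an OATH HOTP value (RFC 4226, HMAC-SHA-1 with dynamic truncation) within lookup_window before advancing seq_counter and success_auth_count, which is the server-side effect of the UpdateSequenceCounterAndSuccessAuthCount stored procedure listed in Table 39. The outcome names (CONTINUE, ACTIVATE_REQUIRED, REJECT, AUTH_SUCCESS, AUTH_FAILURE, LOCKED), the column types, the lock rule built on failed_lock_count and locktime, the reading of checksum as a flag for the optional RFC 4226 check digit, the exact meaning of lookup_window, and the sample row are all assumptions of this example; the secret is the RFC 4226 test key.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenRow:
    """Hypothetical in-memory stand-in for one RAD_TOKENS_TABLE row.
    Column names follow the manual; types and lock semantics are assumed."""
    serial_number: str
    user_name: str
    manufacturer: str
    token_status: str               # "ACTIVE", "ASSIGN" or another value
    seq_counter: int                # next HOTP counter the server expects
    shared_secret: str              # hex-encoded secret, as the page describes
    otp_length: int = 6
    lookup_window: int = 5          # assumed: counters searched from seq_counter
    checksum: int = 0               # assumed: 1 = token appends the RFC 4226 check digit
    activation_code: str = ""
    success_auth_count: int = 0
    failed_auth_count: int = 0
    failed_lock_count: int = 3      # assumed: failures allowed before locking
    locktime: Optional[int] = None  # assumed: epoch seconds when locked, None otherwise


def hex_secret_to_bytes(hex_secret: str) -> bytes:
    """Analogue of AAASetConvertedHexToBinaryString: hex text -> key bytes."""
    return bytes.fromhex(hex_secret)


def token_status_check(row: TokenRow) -> str:
    """Analogue of AAATokenStatusCheck; the outcome names are this example's own."""
    if row.token_status == "ACTIVE":
        return "CONTINUE"            # go on with OTP authentication
    if row.token_status == "ASSIGN":
        return "ACTIVATE_REQUIRED"   # user must activate the token first
    return "REJECT"                  # any other status: contact the administrator


_DOUBLE = [0, 2, 4, 6, 8, 1, 3, 5, 7, 9]   # Luhn doubling table


def rfc4226_checksum(code: int, digits: int) -> int:
    """Check digit as computed by the RFC 4226 reference implementation."""
    total, double = 0, True
    for _ in range(digits):
        code, d = divmod(code, 10)
        total += _DOUBLE[d] if double else d
        double = not double
    return (10 - total % 10) % 10


def hotp(secret: bytes, counter: int, digits: int = 6, checksum: bool = False) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
            | (mac[offset + 2] << 8) | mac[offset + 3]) % (10 ** digits)
    out = str(code).zfill(digits)
    if checksum:
        out += str(rfc4226_checksum(code, digits))
    return out


def verify_otp(row: TokenRow, otp: str, now: int = 0) -> str:
    """One authentication attempt against a token row. Mirrors the flow on the
    page: status check, search of the lookup window, then the counter/success
    update that UpdateSequenceCounterAndSuccessAuthCount performs server-side.
    The lock handling on failed_* and locktime is an assumption of this example."""
    status = token_status_check(row)
    if status != "CONTINUE":
        return status
    if row.locktime is not None:
        return "LOCKED"
    secret = hex_secret_to_bytes(row.shared_secret)
    for c in range(row.seq_counter, row.seq_counter + row.lookup_window):
        expected = hotp(secret, c, row.otp_length, checksum=bool(row.checksum))
        if hmac.compare_digest(expected, otp):
            row.seq_counter = c + 1          # a used counter is never accepted again
            row.success_auth_count += 1
            row.failed_auth_count = 0        # assumed: success clears the failure count
            return "AUTH_SUCCESS"
    row.failed_auth_count += 1
    if row.failed_auth_count >= row.failed_lock_count:
        row.locktime = now
        return "LOCKED"
    return "AUTH_FAILURE"


# Constructed sample data: the RFC 4226 test key "12345678901234567890" in hex.
RFC4226_SECRET_HEX = "3132333435363738393031323334353637383930"


def demo_row(status: str = "ACTIVE", checksum: int = 0) -> TokenRow:
    """A constructed RAD_TOKENS_TABLE row for trying the functions above."""
    return TokenRow("SN-0001", "alice", "example", status, 0,
                    RFC4226_SECRET_HEX, checksum=checksum)


if __name__ == "__main__":
    row = demo_row()
    print(verify_otp(row, hotp(hex_secret_to_bytes(RFC4226_SECRET_HEX), 1)), row.seq_counter)
```

Two points worth noticing when comparing this with a real deployment: the server advances seq_counter to one past the matched counter, so an OTP that was already accepted fails on replay even though it is still inside the window, and the comparison uses a constant-time equality check so that the search over the window does not leak which counter matched.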
The SQL actions and stored procedures listed in Table 39 are added to the sqlaccess.config
file to support OTP authentication.
Table 39 SQL Actions and Stored Procedures that Support OTP Authentication

SQL action: RetrieveToken
Table operated on: RAD_TOKENS_TABLE
Operation: Retrieves token information. Uses SQL result mapping to ensure that at least
one row is returned. It also sets the event to RETRIEVE_SUCCESS on exiting to the FSM.

SQL action: RetrieveUserAndToken
Table operated on: RAD_TOKENS_TABLE and RAD_USERS_TABLE
Operation: Retrieves user and token information. Uses SQL result mapping to ensure that
at least one row is returned. It also sets the event to RETRIEVE_SUCCESS on exiting to
the FSM.

SQL action: UpdateSequenceCounterAndSuccessAuthCount
Table operated on: RAD_TOKENS_TABLE
Operation: A stored procedure that is created using dbsetup.sql. This procedure updates
the sequence counter that is passed as an argument. This action is called after
successful OTP authentication. This
156 OATH Standards-Based OTP Authentication