HP-UX AAA Server A.08.02 Administrator's Guide
Table 39 SQL actions and Stored Procedures that Support OTP Authentication (continued)
Operation: stored procedure also increments the success authentication count.

SQL action: UpdateFailedAuthCountAndTokenStatus
Table Operated On: RAD_TOKENS_TABLE
Operation: A stored procedure that is created using dbsetup.sql. This procedure increments the failed authentication count after a failed authentication. This stored procedure also increments the lock counter for each failed authentication. If the number of consecutive failed authentication attempts is greater than the configured token lock counter value (default 6), where the time interval between two consecutive failed authentication attempts is less than 60 seconds, it updates the token status to LOCKED. Based on your requirements, you can modify this stored procedure to configure the time interval. You can also modify this stored procedure to lock the user account using a different method.
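The lockout rule described for UpdateFailedAuthCountAndTokenStatus, modeled as an added example in Python with SQLite; it is not the dbsetup.sql stored procedure. The column names, the ACTIVE status value, and the restart of the lock counter once the gap between failures reaches 60 seconds are assumptions made for illustration.

```python
import sqlite3

LOCK_THRESHOLD = 6    # page: configured token lock counter value (default 6)
WINDOW_SECONDS = 60   # page: interval between two consecutive failed attempts

def open_db():
    """In-memory stand-in for RAD_TOKENS_TABLE; column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE RAD_TOKENS_TABLE (
        token_id TEXT PRIMARY KEY,
        failed_auth_count INTEGER NOT NULL DEFAULT 0,
        lock_counter INTEGER NOT NULL DEFAULT 0,
        last_failed_at INTEGER,
        token_status TEXT NOT NULL DEFAULT 'ACTIVE')""")
    return db

def add_token(db, token_id):
    """Insert a constructed sample token with zeroed counters."""
    with db:
        db.execute("INSERT INTO RAD_TOKENS_TABLE (token_id) VALUES (?)", (token_id,))

def record_failed_auth(db, token_id, now,
                       threshold=LOCK_THRESHOLD, window=WINDOW_SECONDS):
    """Apply one failed authentication at time `now` (seconds); return the status."""
    row = db.execute(
        "SELECT lock_counter, last_failed_at, token_status "
        "FROM RAD_TOKENS_TABLE WHERE token_id = ?", (token_id,)).fetchone()
    if row is None:
        raise KeyError(token_id)
    lock_counter, last_failed_at, status = row
    # Assumption: a failure outside the window starts a new run at 1.
    in_window = last_failed_at is not None and now - last_failed_at < window
    lock_counter = lock_counter + 1 if in_window else 1
    # "Greater than" the threshold: with the default of 6, the 7th rapid failure locks.
    if lock_counter > threshold:
        status = "LOCKED"
    with db:  # commit the update, or roll back if it raises
        db.execute(
            "UPDATE RAD_TOKENS_TABLE SET failed_auth_count = failed_auth_count + 1, "
            "lock_counter = ?, last_failed_at = ?, token_status = ? "
            "WHERE token_id = ?", (lock_counter, now, status, token_id))
    return status
```

Under these assumptions, changing `window` is the equivalent of the time-interval change the guide says you can make in the stored procedure; failures spaced at or beyond the window never accumulate toward the lock.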
IMPORTANT NOTES:
• After using the sample reference implementation and before deploying your implementation in a production environment, you must change the default passwords for database user, test user, and the shared secret of the test user.
• If the shared secret provided by the token vendor is in ASCII format, edit the /etc/opt/aaa/sqlaccess.config file to change the following entry in the RetrieveUserAndToken SQL action:
    DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
  to
    DBC(RAD_TOKENS_TABLE.shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
  and reload the configuration changes.
  If you are using the RetrieveToken SQL action, then the following entry must be modified as follows:
    DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
  to
    DBC(shared_secret, 128, CHAR) RAD(Otp-Shared-Secret, REPLY)
  and reload the configuration changes.
In addition, the RAD_USERS_TABLE is extended with the following entries:
RAD_USERS_TABLE
security_question
security_answer
mailing_address
mailing_city
mailing_state
mailing_pin
mailing_country
email_id
Configuring OTP Authentication on the HP-UX AAA Server 157