HP-UX AAA Server A.08.02 Administrator's Guide
if ( (count (User-Realm) > 0) && (User-Realm = "<realm>") )
{
In the case of successful authentication, the following sample inserts the
Reply-Egress-ActionId attribute with the SQL action
UpdateSeqenceCounterAndSuccessAuthCount and returns the
POST_REPLY_EGRESS event to update the sequence counter and success
authentication count using SQLAccess.
if (Interlink-Reply-Status = "ACK")
{
if (count (Reply-Egress-ActionId) = 0)
{
insert Reply-Egress-ActionId = "UpdateSequenceCounterAndSuccessAuthCount"
}
exit "POST_REPLY_EGRESS"
}
}
In the case of failed authentication, the following sample inserts the Reply-Egress-ActionId
attribute with the SQL action UpdateFailedAuthCountAndTokenStatus and returns the
POST_REPLY_EGRESS event to update the failed authentication count and failed lock counter
using SQLAccess.
if (Interlink-Reply-Status = "NAK")
{
if (count (Reply-Egress-ActionId) = 0)
{
insert Reply-Egress-ActionId = "UpdateFailedAuthCountAndTokenStatus"
}
exit "POST_REPLY_EGRESS"
}
If the number of consecutive failed authentication attempts is greater than the configured token
lock counter value (default 6), where the time interval between two consecutive failed authentication
attempts is less than 60 seconds, the HP-UX AAA Server updates the token status to LOCKED.
The oath-proxy-egress.grp Sample File
The oath-proxy-egress.grp sample reference implementation file can be used to proxy OTP,
or password, or both to the remote server for validation.
To proxy the request to the proxy target server, replace the variable <proxyrealm> with the
realm name that is configured in the request-ingress.grp file. You must also replace the
variable <Proxy Target Server or IP Address> with the proxy target server host name
(FQDN) or the IP Address.
if ( (count (User-Realm) > 0) && (User-Realm = "<proxyrealm>") )
{
modify Interlink-Proxy-Target = "<Proxy Target Server or IP Address>"
exit "ACK"
}
Configuring OTP Authentication on the HP-UX AAA Server 159