HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
Table 35 Bit Masks to Configure OTP Authentication Tasks

| Bit Mask | Task | Support for RADIUS Standard Password | Support for MS-CHAP v2 | Action |
|---|---|---|---|---|
| 7 | Splits the incoming password into password and OTP. | Yes | No | On receiving the incoming request, the HP-UX AAA Server splits the request into password and OTP based on the number of digits specified in OTP token length as follows: If the number of digits specified in the OTP token length is 7, the last 7 characters are identified as OTP. |
| 6 | Validates the password. | Yes | Yes | The HP-UX AAA Server validates the password from the User-Password attribute. |
| 5 | Validates the OTP. | Yes | Yes | The HP-UX AAA Server validates the incoming OTP. |
| 4 | Stores the generated OTP in Generated-OTP attribute. | Yes | Yes | The HP-UX AAA Server generates and stores the OTP in the Generated-OTP attribute. |
| 3 | Removes the password | Yes | No | The HP-UX AAA Server removes the password from the incoming password and replaces the User-Password attribute with OTP. This bit mask must be used if the User-Password attribute contains the password and OTP. |
| 2 | Removes the OTP | Yes | No | The HP-UX AAA Server removes the OTP from the incoming password and replaces the User-Password attribute with password. This bit mask must be used if the User-Password attribute contains the password and OTP. |
| 1 | Sets the proxy event code | Yes | No | The HP-UX AAA Server returns a proxy event to the FSM. Proxy files can be configured to proxy the request to the proxy target server. |

NOTE: The HP-UX AAA Server executes the actions, listed in Table 35, in the predefined
descending order of bit masks (from bit mask 7 to bit mask 1).
You can use the bit masks, listed in Table 35, in various combinations to configure OTP
authentication, two-factor authentication, and other operations depending on your deployment
scenario.
For example, to validate the password and the OTP (two-factor authentication) using RADIUS
standard password, the HP-UX AAA Server must perform the following actions:
• Split the password and the OTP (bit mask 7)
• Validate the password (bit mask 6)
• Validate the OTP (bit mask 5)
Figure 51 illustrates how you can set the bit mask to validate both password and OTP (two-factor
authentication).
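
The following Python sketch is an added example, not HP-UX AAA Server code or configuration syntax. It models Table 35 to show the descending execution order, the MS-CHAP v2 restrictions, and the bit mask 7 split rule. The function names, the sample value, and the rejection of short or non-digit input are assumptions made for illustration.

```python
# Added illustration: a model of Table 35, not HP-UX AAA Server code.
# Fields: task, supported with RADIUS standard password, supported with MS-CHAP v2.
TABLE_35 = {
    7: ("split the incoming password into password and OTP", True, False),
    6: ("validate the password", True, True),
    5: ("validate the OTP", True, True),
    4: ("store the generated OTP in Generated-OTP", True, True),
    3: ("remove the password; User-Password becomes the OTP", True, False),
    2: ("remove the OTP; User-Password becomes the password", True, False),
    1: ("set the proxy event code", True, False),
}


def plan(selected, ms_chap_v2=False):
    """Return (bit mask, task) pairs in the server's order, 7 down to 1."""
    steps = []
    for bit in sorted(set(selected), reverse=True):
        if bit not in TABLE_35:
            raise ValueError(f"bit mask {bit} is not listed in Table 35")
        task, radius_ok, mschap_ok = TABLE_35[bit]
        if not (mschap_ok if ms_chap_v2 else radius_ok):
            raise ValueError(f"bit mask {bit} is not supported with MS-CHAP v2")
        steps.append((bit, task))
    return steps


def split_user_password(value, otp_token_length):
    """Bit mask 7: the last otp_token_length characters are the OTP."""
    # Assumption (the page does not say): input shorter than the token
    # length, or a non-digit OTP part, is rejected.
    if otp_token_length < 1 or len(value) < otp_token_length:
        raise ValueError("value is shorter than the OTP token length")
    password, otp = value[:-otp_token_length], value[-otp_token_length:]
    if not (otp.isascii() and otp.isdigit()):
        raise ValueError("OTP part is not all digits")
    return password, otp


def rewrite_user_password(value, otp_token_length, bit):
    """Bit masks 3 and 2: the value User-Password holds after the rewrite."""
    password, otp = split_user_password(value, otp_token_length)
    return {3: otp, 2: password}[bit]


if __name__ == "__main__":
    sample = "s3cret!1234567"  # constructed value: password followed by a 7-digit OTP
    for bit, task in plan([5, 6, 7]):  # the two-factor combination from the text
        print(bit, task)
    print(split_user_password(sample, 7))  # ('s3cret!', '1234567')
```
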
136 OATH Standards-Based OTP Authentication