HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

131

132

133

134

135

136

137

138

139

140

Table 37 Attributes for Configuring OTP Authentication (continued)

DescriptionConfiguration TypeAttribute Name

OTP values and check against the received OTP to

synchronize the sequence counter. If this attribute is

not specified, the value of system wide configuration

entry otp_lookup_window is used as the default

value.

Default Value 10

Value Type integer

Specifies an eight-byte counter value. The HMAC

algorithm requires this counter value to generate an

OTP.

This counter value must be synchronized between

the OTP generator and the HP-UX AAA Server. This

attribute is mandatory for each user.

User level configuration onlyHOtp-Seq-Counter

Value Type unsigned char

Specifies the unique shared secret between the OTP

generator and the HP-UX AAA Server that generates

User level configuration onlyOtp-Shared-Secret

the OTP. The HMAC algorithm requires this counter

value to generate an OTP. The length of the shared

secret must be at least 128 bits (RFC 4226

recommends 160 bits). This attribute is mandatory

for each user.

Value Type binary string

A unique serial number for OTP generators (token

devices or software that generates OTP).

User level configuration onlyOtp-Token-Serial-

Number

Specifies the lock counter. If the number of

consecutive failed authentication attempts is greater

User, realm, or system-wide

level configuration

Otp-Token-Lock- Counter

than the configured Otp-Token-Lock-Counter

value, where the time interval between two

consecutive failed authentication attempts is less than

60 seconds, the HP-UX AAA Server updates the token

status to LOCKED. If this attribute is not specified, the

value of system-wide configuration item

otp_token_lock_counter is used as the default

value.

Default Value 6

Specifies the OTP length. Tokens can generate OTPs

having six, seven, or eight digits. If this attribute is

User, realm, or system-wide

level configuration

Otp-Token-Length

not specified, the value of system-wide configuration

item otp_token_length is used as the default

value.

Default Value 6

Value Type integer

Specifies the OTP actions to be processed.Realm level configuration onlyOtp-ActionId

Value Type integer

Specifies the action to add the checksum while

validating the OTP. If this attribute value is yes, the

User, realm, or system-wide

level configuration

Otp-Add-Checksum

HP-UX AAA Server calculates the checksum for the

generated OTP.

While validating the OTP, if the calculated checksum

is identical, the HP-UX AAA Server continues with

the OTP validation. If the calculated checksum is not

identical, the HP-UX AAA Server attempts to

resynchronize.

Configuring OTP Authentication on the HP-UX AAA Server 139