HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
}
}
}
In this example, the Otp-Token-Length attribute has been added in the last row. If you are
using the RetrieveUserAndToken SQL action, similar changes are required there to configure
OTP attributes at a user level.
NOTE: The corresponding values for the attributes configured in the sqlaccess.config file
must be stored in the user profile and in RAD_TOKENS_TABLE in the database.
Advanced Deployment Scenarios
This section documents the procedures for configuring OTP and two-factor authentication in the
following deployment scenarios:
• “Validating OTP Alone” (page 143)
• “Configuring Two-Factor Authentication” (page 145)
◦ “If User and Token Information is in Different SQL Database Tables” (page 145)
◦ “If User and Token Information is in the Same SQL Database Table” (page 147)
◦ “If User and Token Information is in Different Databases” (page 149)
• “OTP or Password Validation at External RADIUS Server” (page 151)
◦ “Validating Password on the Local Server and Forwarding OTP to Another RADIUS Server”
(page 152)
◦ “Validating OTP on the Local Server and Forwarding Password to Another RADIUS Server”
(page 154)
◦ “Forwarding OTP and Password to Another RADIUS Server for Validation” (page 156)
Notes:
• The scenarios described in this section are applicable whether you are using RADIUS standard
password authentication or EAP authentication.
• The HP-UX AAA Server supports only the following EAP authentication methods for OTP
authentication:
◦ PEAP (EAP-GTC and EAP-MS-CHAP v2)
◦ TTLS (PAP, MS-CHAP v2, and EAP-MSCHAPv2)
• Creating different inner and outer realms for OTP authentication is supported only for TTLS
(PAP and MS-CHAP v2). For information on creating tunneled EAP realms, see “Adding a
Realm” (page 73).
Validating OTP Alone
To configure the HP-UX AAA Server to validate OTP alone, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. While configuring the
realm, use the procedure listed in “Configuring Realms for Database Access via SQL”
(page 77). In the User Storage Parameters field, ensure that the RetrieveToken SQL action
is selected and the configuration is saved. For more information on configuring the realm, see
“Adding a Realm” (page 73).
Configuring OTP Authentication on the HP-UX AAA Server 143