HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

If you have configured...    Then
insert Otp-ActionId = 48
exit "ACK"
}
If you have configured the realm for TTLS (EAP-MS-CHAP v2), add the following condition:
if ((count (User-Realm) > 0) && (User-Realm = "<realm>/ttls"))
{
insert Otp-ActionId = 48
exit "ACK"
}
6. In the /etc/opt/aaa/reply-egress.grp file, replace the <realm> variable with the
realm name configured in step 1, as follows:
if ( (count (User-Realm) > 0) && (User-Realm = <realm>) )
Use the following rules when replacing the <realm> variable with the realm name:
If you have configured: The realm for RADIUS standard password authentication
Then: Replace <realm> with the realm name configured in step 1

If you have configured: Tunneled realms with different inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1

If you have configured: Tunneled realms with the same inner and outer realms for EAP authentication
Then: Replace <realm> with the inner realm name configured in step 1 using the following syntax:
PEAP (EAP-GTC) or PEAP (EAP-MSCHAPv2):
<realm>/peap
Or
TTLS (PAP), TTLS (MS-CHAP v2), or TTLS (EAP-MSCHAPv2):
<realm>/ttls
7. Reload the configuration changes by selecting Reload from the Administration screen of the
Server Manager. If the server is not running, start the HP-UX AAA Server to read the
configuration information.
The HP-UX AAA Server is now configured for two-factor authentication.
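The step 6 replacement rules can be scripted. The following POSIX shell sketch is an added example, not part of the HP guide: the kind labels (standard, tunnel-diff, peap-same, ttls-same), the function names and the realm example.com are assumptions. It writes the result to a copy so the edit can be reviewed before it replaces the policy file.

```shell
#!/bin/sh
# Added example, not from the HP guide. The kind labels (standard, tunnel-diff,
# peap-same, ttls-same) and the function names are hypothetical.

# Print the text that replaces <realm> in reply-egress.grp (step 6 rules).
realm_value() {
    kind=$1; realm=$2
    # Refuse empty names and characters that are special in the sed
    # replacement below or inside a quoted policy string.
    case $realm in
        ''|*'|'*|*'&'*|*'\'*|*'"'*) echo "invalid realm name" >&2; return 2 ;;
    esac
    case $kind in
        standard|tunnel-diff) printf '%s\n' "$realm" ;;  # realm, or inner realm
        peap-same) printf '%s/peap\n' "$realm" ;;  # PEAP (EAP-GTC or EAP-MSCHAPv2)
        ttls-same) printf '%s/ttls\n' "$realm" ;;  # TTLS (PAP, MS-CHAP v2, EAP-MSCHAPv2)
        *) echo "unknown kind: $kind" >&2; return 2 ;;
    esac
}

# Count lines that still contain the placeholder, e.g. after a manual edit.
# Succeeds with "0" when none are left; fails only if grep itself fails.
placeholders_left() {
    grep -c '<realm>' "$1" || [ $? -eq 1 ]
}

# Write a copy of policy file $1 to $2 with every <realm> replaced. The
# original is not modified, so the result can be diffed before installing it.
apply_realm() {
    value=$(realm_value "$3" "$4") || return 2
    sed "s|<realm>|$value|g" "$1" > "$2"
}

# Constructed sample: the condition line shown in step 6.
demo() {
    d=${TMPDIR:-/tmp}/realm-demo.$$
    # mkdir fails if the path already exists, so a pre-planted path is not reused.
    (umask 077; mkdir "$d") || return 1
    printf '%s\n' 'if ( (count (User-Realm) > 0) && (User-Realm = <realm>) )' > "$d/in"
    apply_realm "$d/in" "$d/out" peap-same example.com && cat "$d/out"
    rm -rf "$d"
}
demo
```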
If User and Token Information is in Different Databases
To configure two-factor authentication when user profile and token information are stored in
different databases, complete the following steps:
1. Configure the realm using the Realms Screen of the Server Manager. Based on the user profile,
configure the realm for the local users file, LDAP, Oracle or MySQL database using SQL
Access and save the configuration. For more information on configuring the realm, see “Adding
a Realm” (page 73).
2. If not already appended, append the contents of the sample OTP reference implementation
policy files (located in /opt/aaa/examples/config) to the default policy files (located in
/etc/opt/aaa) using the following commands:
# cat /opt/aaa/examples/config/oath-request-ingress.grp >> /etc/opt/aaa/request-ingress.grp
# cat /opt/aaa/examples/config/oath-reply-egress.grp >> /etc/opt/aaa/reply-egress.grp
Configuring OTP Authentication on the HP-UX AAA Server 149