HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
Table 102 Common Authentication Failure Problems (continued)
TroubleshootingProblem
The token for user <user name> in realm <realm name> is not active.
HP-UX AAA Server validates the OTP only for active tokens. Verify the
token status in the token repository.
Log MessageUnable to
authenticate
Or
The token with serial number <serialnumber> for user <user name>
in realm <realm name> is not active. The current token status is
<tokenstatus>. HP-UX AAA Server validates the OTP only for active
tokens. Verify the token status in the token repository.
The token status of the user is in a state other than ACTIVE. OTP
authentication can happen only if the user's token status is ACTIVE.
Cause
Use the Manage Users screen in the User Database Administration Manager
to change the user's token status to ACTIVE. For more information on this
Resolution
procedure, see “Modifying User Credentials” (page 276). For more
information on token statuses, see “Valid Token Status Values” (page 281).
Shared secret for user <user name> in realm <realm name> is
<number> bytes. The shared secret must not be less than 16 bytes. Verify
the length of the shared secret in the token repository.
Log MessageUnable to
authenticate
The length of the shared secret is too short.Cause
Verify that you have entered a shared secret that is more than 16 bytes.Resolution
Shared secret not found for user <user name> in realm <realm name>.
The shared secret is required to generate and validate the OTP. Verify that
the shared secret is configured in the token repository.
Log MessageUnable to
authenticate
The shared secret is not configured in the token repository.Cause
Check that the shared secret is configured in the tokens table in the SQL
database for that user. In addition, verify that the correct realm name is
Resolution
configured in the /etc/opt/aaa/authfile and /etc/opt/aaa/
request-ingress.grp file
Sequence counter resynchronization failed for user <user name> in realm
<realm name>. The sequence counter is required to generate and validate
Log MessageSequence counter not
found for user
the OTP. Verify that the sequence counter is configured in the token
repository
The sequence counter is not configured in the token repositoryCause
Check that the sequence counter is configured in the tokens table in the
SQL database for that user. In addition, verify that the correct realm name
Resolution
is configured in the /etc/opt/aaa/authfile and /etc/opt/aaa/
request-ingress.grp file
Invalid hexadecimal string for the user <user name> in realm <realm
name>. The configured hexadecimal string <string> length
Log MessageUnable to
authenticate
<stringlength> is less than the minimum value. The hexadecimal string
length must not be less than 16 bytes.
The hexadecimal shared secret in the SQL database is less than 16 bytes.Cause
Check that the hexadecimal shared secret in the SQL database is more
than 16 byes.
Resolution
Configured hexadecimal string for user <user name> of realm <realm
name> has one or more non-hexadecimal characters. Verify the configured
hexadecimal string in the token repository.
Log MessageUnable to
authenticate
The configured hexadecimal shared secret has non-hexadecimal characters.Cause
Hexadecimal characters range from 0–9 and a-f. Check that the
hexadecimal shared secret does not contain any other characters.
Resolution
368 Troubleshooting Procedures