WMI for Administrators > Configuration > One Time Password (OTP) Authentication > OTP Authentication configuration tasks

OTP Authentication configuration tasks
KVM/netPlus administrators must perform the following tasks to set up and configure OTP.
1.
a.
KVM/netPlus main flash memory.
b.
Note: A PCMCIA Compact Flash (CF) card should be used for mounting the OTP database only and not for regular storage use.
c.
2.
The KVM/netPlus administrator must make sure each user who needs to use OTP has a local account on the KVM/netPlus, is registered with the OTP system, and is able to obtain the OTP passwords, OTP username, and secret pass phrase needed for login.
3.
KVM/netPlus supports an optional 56K modem PC card. You can use the WMI interface or the OSD to configure the modem card for OTP.
The following sections describes the configuration tasks in detail.
To Set up and Configure OTP Database
1.
 
2.
The following message displays
 
3.
The following table describes the available options.
Note: KVM/netPlus supports a PCMCIA CF card for mounting the OTP database only. CF card should not be used for regular storage use.
host - DNS name or IP address of the NFS server. path - A directory shared by the NFS server.
4.
 
5.
The OTP database is mounted once you enable OTP. The following message is displayed.
 
6.
To Register Users for OTP and Generate OTP Passwords
The following procedures should be performed for each user who requires to use OTP authentication.
The below example demonstrate the procedures to add and register a new user to KVM/netPlus.
1.
2.
Execute the adduser command as shown in the following window.
If a user account exist in KVM/netPlus skip this step and proceed to step 3 to register the user for OTP.
New password: livios_passwd
3.
Execute the command opiepasswd to generate a default OPIE key. This command initializes the system information to allow using OPIE login.
Note: You can use the -c option (console mode) if you have secure access to KVM/netPlus. Running OPIE commands through an insecure connection can expose your password and compromise security.
Using opiepasswd from the console
The following information displays when you execute the opiepasswd command from the console with a -c option. The system prompts you to enter a new secret pass phrase and proceeds to generate default OPIE sequence number 499 and a key from the first two letters of the hostname (kv), a pseudo random number (6178), and a password comprised of six words. In the following example, 499 KV6178 is the OPIE key and the password is COMB YANK BARD SLOT AS USER.
 
Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with no password. Then run opiepasswd without the -c parameter.
 
 
Using opiepasswd from remote
The following information displays when you are executing the opiepasswd command securely from a remote system. In this case you require an OTP generator to obtain the password. This initial sequence and its password is used to generate the hash number that is stored in the OTP database.
[root@KVMNETPLUS root]# opiepasswd livio
4.
Execute the command opiekey to generate passwords for the users.
Note: Do not execute opiekey command through dial-in or an insecure remote connection such as Telnet.
The following example uses MD5 (-5 option) to verify data integrity. The -n <count> option followed by the sequence number 498 generates 5 passwords ending with number 498.
 
 
Enter secret pass phrase: livios secret pass phrase
 
5.
To Configure the PCMCIA Modem Using OTP Authentication
You can configure the modem PCMCIA card for OTP authentication using WMI or OSD.
Using Web Manager Interface
1.
In the Web Manager Expert mode go to Configuration > Network > PCMCIA Management and click on Configure button.
If you have a modem PCMCIA card installed, the card information is displayed under the Card Type column.
2.
3.
See Configuring a PCMCIA Modem Card if needed.
Using OSD (On Screen Display)
1.
2.
3.
4.
5.
See PCMCIA Screens if needed.

WMI for Administrators > Configuration > One Time Password (OTP) Authentication > OTP Authentication configuration tasks