As configured on the OnBoard appliance, OTP expects its user databases to reside in /mnt/opie/etc. The OnBoard appliance’s resident Flash memory does not provide a directory for the OTP databases. The OnBoard administrator must mount a device on /mnt/opie. You may use a compact Flash PCMCIA card or an NFS-mounted directory.
To configure a compact Flash card for OTP, the root user logs into the OnBoard appliance’s console and runs the /bin/do_create_cf_ext2 script on the command line. The script does the following:
2. Enter the /bin/do_create_cf_ext2 script on the command line.
1. Make sure a directory (for example, /home/opie) has been created on the NFS server and is shared (exported) via NFS.
3. Enable the RPC service using the cycli utility.
[root@OnBoard /]# cycli -CF set service rpc enable yes
The following screen example uses nfs_server.avocent.com as the NFS server name and /home/opie as the exported directory’s name.
[root@OnBoard /]# mount -t nfs nfs_server.avocent.com:\
5. Enter the following commands to create the /etc directory on the mounted directory and to create an opiekeys file.
[root@OnBoard /]# mkdir /mnt/opie/etc
[root@OnBoard /]# touch /mnt/opie/etc/opiekeys
[root@OnBoard /]# chmod 0644 /mnt/opie/etc/opiekeys
[root@OnBoard /]# chown root:bin /mnt/opie/etc/opiekeys
2. Use vi or another text editor to open the /etc/mgetty.login.config file for editing and find this entry: * - - /bin/login.
[root@OnBoard /]# vi /etc/mgetty.login.config
* - - /bin/opielogin @
This procedure manually configures Telnet or SSH logins to the console with either the OTP or OTP/Local authentication method, and it also changes the targets of the symbolic links /etc/pam.d/sshd and /etc/pam.d/login to /etc/pam.d/[otp,otplocal].
[root@OnBoard /]# cd /etc/pam.d
2. To specify OTP for logins to the console or through telnet, change the target of the symbolic link login to otp or otplocal.
CAUTION: If OTP is chosen, users (even root) may be locked out if not configured properly. You can test whether OTP is working by first changing only the symbolic link for login as shown in the following screen example and then attempting access using telnet. If the telnet login using an OTP password succeeds, you can safely change the method for ssh logins as described in step 3.
[root@OnBoard /]# ln -sf /etc/pam.d/otp login
[root@OnBoard /]# ln -sf /etc/pam.d/otplocal login
[root@OnBoard /]# ln -sf /etc/pam.d/otplocal sshd
NOTE: The cycli utility and the Web Manager may not display the correct authentication information when the symbolic links are changed manually.
This procedure manually configures a previously-configured device or devices to use the OTP or OTP/Local authentication method.
authtype = otp
authtype = otplocal
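The lockout risk described in the CAUTION above can be checked before the login or sshd symbolic link is changed. The following shell function is an added example, not Avocent code: otp_preflight is a hypothetical name, and it assumes that an enrolled user has a line in opiekeys whose first whitespace-separated field is the login name.

```shell
#!/bin/sh
# Added example (not Avocent code): pre-flight check to run before pointing
# /etc/pam.d/login or /etc/pam.d/sshd at otp or otplocal.
# Assumption: an enrolled user has a line in opiekeys whose first
# whitespace-separated field is the login name.

# otp_preflight USER [KEYS] [MOUNTPOINT] [MOUNTS_FILE]
# Returns 0 when all checks pass; otherwise prints the reason and returns:
#   1 mount point not mounted, 2 opiekeys missing,
#   3 opiekeys mode is not 0644, 4 USER has no OTP entry.
otp_preflight() {
    user=$1
    keys=${2:-/mnt/opie/etc/opiekeys}
    mnt=${3:-/mnt/opie}
    mounts=${4:-/proc/mounts}

    # The second field of each mounts line is the mount point.
    if ! awk -v m="$mnt" '$2 == m { f = 1 } END { exit !f }' "$mounts"; then
        echo "FAIL: nothing is mounted on $mnt" >&2
        return 1
    fi
    if [ ! -f "$keys" ]; then
        echo "FAIL: $keys does not exist" >&2
        return 2
    fi
    # Compare the permission string; cut drops any ACL/SELinux suffix.
    perms=$(ls -ld "$keys" | cut -c1-10)
    if [ "$perms" != "-rw-r--r--" ]; then
        echo "FAIL: $keys is $perms, expected -rw-r--r-- (0644)" >&2
        return 3
    fi
    if ! awk -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$keys"; then
        echo "FAIL: $user has no entry in $keys" >&2
        return 4
    fi
    echo "OK: $mnt mounted, $keys is 0644, $user is enrolled"
    return 0
}
```

Run it as `otp_preflight root` on the appliance and change the symbolic links only when it returns 0; it does not replace the telnet login test described in the CAUTION.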