Before You Begin
You are the owner of a mobile device that connects to the Internet, and your administrator has completed How to Configure OTP.
Search for Authenticator in your app store. See Exploring Oracle Mobile Authenticator and Its Applications for more information.
$ otpadm set secret XXXX nnnn XXXX XXXX nnnn nnnn nnnn XXXX Enter current code from authenticator: nnnnnnnn
The server displays the secret and prompts for a code from the mobile application.
For example, on the Oracle Mobile Authenticator screen, press the plus (+) button in the upper right corner of the screen, choose "Enter provided key", pick a name for the account (username@login-server), and type the secret key under "Key".
After the otpadm prompt accepts a valid code from the authenticator, OTP is configured and ready to use.
After the administrator completes How to Require a UNIX Password and a OTP to Log In to an Oracle Solaris System, log in to the server. You should be prompted first for your server login, then for the OTP. After you type the OTP, you should be logged in.
The administrator notifies OTP users to change to a SHA2 algorithm and an 8-digit password.
By email, the administrator instructs them to follow the new guidelines.
Users, We are changing the mobile authenticator to use a longer password and a stronger algorithm. Please complete the changeover by Friday. On the server, open a terminal window and issue the following commands: otpadm set algorithm=hmac-sha256 digits=8 secret Respond to the prompts and instructions. If you have difficulty, notify the administrator.
In their mobile authenticator app, users select the hmac-sha256 algorithm and set digits to 8.
On the login server, each user runs the commands from the email.
$ otpadm set algorithm=hmac-sha256 digits=8 secret 1234 abcd 1234 abcd 1234 1234 1234 abcd Enter current code from authenticator: nnnnnnnn
Each user types the secret into their mobile authenticator app.
After the user generates a code on the app and types it at the login server prompt, the app and the server are synchronized and configuration is complete.
Users own a mobile authenticator that prompts for a secret in hexadecimal format. They create a secret key that displays in hexadecimal format.
$ otpadm -f hex set secret 7DDF B236 7023 82A6 F70F 0001 C8B7 F0BE A76C 3F31
Troubleshooting
If the OTP password fails, wait and try the second OTP that displays.
If the login server does not accept the OTP, verify with the administrator that the clocks on the mobile device and the server are synchronized.
If the times on the login server and the mobile authenticator do not synchronize, you and your administrator could configure a counter-based OTP rather than a time-based OTP. See Example 15, Using a Counter Rather Than a Timer for OTP Authentication.