Before You Begin
You have completed How to Configure OTP.
You must become an administrator with the OTP Auth Manage All Users rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
$ otpadm get
mode=timer
algorithm=hmac-sha1
digits=6
...
$ pfexec otpadm -u username -f [base32 | hex] set attributes secret
For example, use the default OTP attributes:
$ pfexec otpadm -u jdoe set secret
For example, require a longer OTP:
$ pfexec otpadm -u jdoe set digits=8 secret
For example, set counter mode:
$ pfexec otpadm -u jdoe set mode=counter secret
By default, the OTP secret is displayed in Base32 format. Most authenticators accept this format, but some expect hexadecimal format. To change the format for the OTP secret, see Example 6, Setting and Displaying a Hexadecimal Secret Key.
$ pfexec otpadm -u username get secret
CBA6 5JBR M73T XGZK CNAB 36HG QLE5 PFCR
username $ otpadm get secret
CBA6 5JBR M73T XGZK CNAB 36HG QLE5 PFCR
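Added example, not part of the Oracle documentation: what an authenticator does with the displayed secret and the mode and digits attributes set above, assuming otpadm follows standard HOTP (RFC 4226) and TOTP (RFC 6238) with a 30-second time step. The function names are illustrative, and the Base32 value is the sample secret shown on this page.

```python
import base64
import hashlib
import hmac
import struct
import time

# Sample Base32 secret as displayed on this page (documentation value).
PAGE_SECRET = "CBA6 5JBR M73T XGZK CNAB 36HG QLE5 PFCR"

def parse_secret(text, fmt="base32"):
    """Decode a displayed secret (space-separated groups) to raw key bytes."""
    compact = "".join(text.split()).upper()
    if fmt == "hex":
        return bytes.fromhex(compact)
    compact += "=" * (-len(compact) % 8)  # b32decode needs full 8-char blocks
    return base64.b32decode(compact)

def to_base32_groups(key):
    """Render key bytes as unpadded Base32 in groups of four characters."""
    b32 = base64.b32encode(key).decode("ascii").rstrip("=")
    return " ".join(b32[i:i + 4] for i in range(0, len(b32), 4))

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, now=None, digits=6, step=30):
    """RFC 6238: HOTP with counter = Unix time // step (step=30 is assumed)."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // step, digits)

if __name__ == "__main__":
    key = parse_secret(PAGE_SECRET)
    print("bits      :", len(key) * 8)
    print("hex form  :", key.hex())
    print("timer, 6  :", totp(key))
    print("timer, 8  :", totp(key, digits=8))
    print("counter 0 :", hotp(key, 0))
```

The hex form printed here is the same key in the representation that some authenticators expect, so it can be used to check that an authenticator was enrolled with the same secret, mode and digits as the server.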
In this example, the administrator generates a generic key and places it in a protected location. After protecting the file, the administrator assigns the secret to the user from the file, then notifies the user of the file location.
Generate the key.
$ pktool genkey keystore=file outkey=/homedir/jdoe/secret keylen=160 keytype=generic print=y
Key Value ="a231400f466039818507238e1b549740726aa61a"
The print=y option displays the key in hexadecimal format, but the value stored in the secret file is not in hexadecimal form. The otpadm set secret command uses this file as input to create a secret key for the user.
Assign the secret file to the user.
$ otpadm -u jdoe set secret=/homedir/jdoe/secret
(Optional) Display the user's secret key.
$ otpadm -u jdoe get secret=/homedir/jdoe/secret
EB8D D111 D555 ...