Go to main content

Managing Authentication in Oracle® Solaris 11.4

Exit Print View

Updated: August 2019
 
 

Configuring and Using OTP in Oracle Solaris

Configuring OTP requires coordination between the administrator and OTP users. After configuration, OTP users can log in to the server by using their UNIX login and the OTP that is displayed on their mobile authenticator app.


Caution

Caution  -  Users can be locked out if the secret key is not on their mobile device before they are required to use OTP.


    Administrator responsibilities:

  1. Ensure that the otp package is installed on the login server.

  2. Ensure that the login server can keep accurate time.

    The server should be a client of a Precision Time Protocol (PTP) or Network Time Protocol (NTP) clock synchronization service. For more information, see Managing Clock Synchronization in Oracle Solaris 11.4.

  3. Ensure that the user has a secret key. Either the user or you can create the user's secret key.

  4. Assign the otp per-user PAM policy to the user.

    Responsibilities of the user with the mobile authentication app:

  1. Download a mobile authenticator app to their mobile device.

  2. Create a secret key or coordinate with the administrator when the administrator creates a secret key for their authenticator app.

  3. Ensure that OTP configuration on the authenticator app matches the configuration on the login server.

  4. Type the secret key into their mobile authenticator app before the administrator assigns the otp PAM policy to them.

  5. Test that a prompt appears for a OTP, and that the OTP logs them in.

Table 2  Task Map: Using OTP in Oracle Solaris
Task
Description
For Instructions
Prepare for OTP.
The administrator ensures that the login server has the modules that support OTP.
Create and confirm a secret key.
The user creates a secret key on the login server and configures the mobile authenticator with the secret.
Create and send a secret key to the user.
Alternatively, the administrator creates a secret key for the user.
Enable OTP.
The administrator requires a OTP at login from users.
Require OTP for Secure Shell logins.
The administrator requires the UNIX password and a OTP with Secure Shell logins.