Managing Kerberos and Other Authentication Services in Oracle^® Solaris 11.3

How to Configure OTP

Before You Begin

You must become an administrator with the Software Installation rights profile to install the otp package. You must become an administrator with the OTP Auth Manage All Users rights profile to enable you to manage OTP. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

1. Ensure that the login server is a client of a clock synchronization service.

   For instructions, see Enhancing System Performance Using Clock Synchronization and Web Caching in Oracle Solaris 11.3.

2. Ensure that the otp package is installed on the login server.

   login-server $ pkg search -H -o pkg.name -l \<otp\>
   pkg:/system/security/otp

3. (Optional) Determine whether the defaults are sufficient for your site policy.

   $ otpadm get
                   mode=timer
              algorithm=hmac-sha1
                 digits=6
                   ...

4. If users should use different values, send them instructions.

   • Include the attributes that the users must set on their mobile devices.

   • If users set their own secrets, send them instructions. See Example 12, Users Changing to a Longer OTP and a Stronger Algorithm and Example 13, Setting and Displaying a Hexadecimal Secret Key.