Configuring OTP requires coordination between the administrator and OTP users. After configuration, OTP users can log in to the server by using their UNIX login and the OTP that is displayed on their mobile authenticator app.
Caution - Users can be locked out if the secret key is not on their mobile device before they are required to use OTP.
Administrator responsibilities:
Ensure that the otp package is installed on the login server.
Ensure that the login server can keep accurate time.
The server should be a client of a Precision Time Protocol (PTP) or Network Time Protocol (NTP) clock synchronization service. For more information, see Enhancing System Performance Using Clock Synchronization and Web Caching in Oracle Solaris 11.3.
Ensure that the user has a secret key. Either the user or you can create the user's secret key.
Assign the otp per-user PAM policy to the user.
Responsibilities of the user with the mobile authentication app:
Download a mobile authenticator app to their mobile device.
Create a secret key or coordinate with the administrator when the administrator creates a secret key for their authenticator app.
Ensure that OTP configuration on the authenticator app matches the configuration on the login server.
Type the secret key into their mobile authenticator app before the administrator assigns the otp PAM policy to them.
Test that a prompt appears for an OTP, and that the OTP logs them in.
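The following added example (not part of the original documentation, and not Oracle's code) shows why the login server needs accurate time and why the app's configuration must match the server's. It assumes a time-based OTP as defined in RFC 6238; the function names, the tolerance `window` parameter and the scenarios are hypothetical, and the secret is the public RFC 6238 test value.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret (public test value, not a real key).
SECRET = b"12345678901234567890"

def totp(secret, now, period=30, digits=6, algo="sha1"):
    """RFC 6238 code for UNIX time `now`: HOTP over the elapsed time-step count."""
    counter = struct.pack(">Q", now // period)
    mac = hmac.new(secret, counter, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(code, server_now, window=1, **server_cfg):
    """True if `code` matches any time step within +/- `window` of the server clock."""
    period = server_cfg.get("period", 30)
    return any(
        hmac.compare_digest(code, totp(SECRET, server_now + i * period, **server_cfg))
        for i in range(-window, window + 1)
    )

def login_outcomes():
    """Constructed scenarios: (description, accepted?) for one device-side code."""
    t = 1111111109                                # device clock, last second of a step
    code = totp(SECRET, t, digits=8)              # what the app displays
    return [
        ("clocks agree", server_accepts(code, t, digits=8)),
        ("server 2s ahead, no tolerance", server_accepts(code, t + 2, window=0, digits=8)),
        ("server 2s ahead, +/-1 step", server_accepts(code, t + 2, window=1, digits=8)),
        ("server 1h ahead", server_accepts(code, t + 3600, digits=8)),
        ("server expects 6 digits", server_accepts(code, t, digits=6)),
    ]

if __name__ == "__main__":
    for description, ok in login_outcomes():
        print(f"{description:32} {'accepted' if ok else 'rejected'}")
```

A small drift is absorbed only when the verifier tolerates adjacent time steps; a large drift or a mismatch in digits, period or hash algorithm rejects every code the app displays, which is the lockout the caution above describes.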