Updated on 2025-09-29 GMT+08:00

Configuring the Mobile OTP Type

A mobile OTP application is a software token application that generates dynamic passwords on a bound mobile phone. With the mobile OTP verification method, logging in to a bastion host requires both a password and a 6-digit mobile OTP verification code.

This topic describes how to set the mobile OTP type.

Constraints

  • Currently, only the following OTP types are supported:
    • Built-in mobile OTPs support Time-based One-Time Password (TOTP). You need to bind a mobile OTP to a user in the Profile module in your bastion host system. You can bind a mobile OTP through a WeChat applet or other similar programs, such as Google Authenticator and FreeOTP Authenticator, that support TOTP.
    • RADIUS mobile OTPs also support TOTP. You need to connect to the RADIUS server you have created and bind the mobile OTP on the RADIUS server. You can bind the mobile OTP through a WeChat applet or similar programs, such as Google Authenticator and FreeOTP Authenticator, that support TOTP.
  • For the mobile token to take effect, ensure that the mobile token types configured in the system and on your mobile phone are the same.
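
How a TOTP verifier derives and checks the 6-digit code, shown as an added example that is not part of the original page or of the bastion host product. It assumes HMAC-SHA-1 and a 30-second time step (the defaults in Google Authenticator and FreeOTP; this page does not state the bastion host's values), and the function names and sample secret are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Assumed parameters (not stated on this page): HMAC-SHA-1 and a 30-second step.
# The 6-digit code length is taken from the page.
STEP = 30
DIGITS = 6


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 code for the time step containing unix_time."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)            # tolerate unpadded secrets
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // STEP)  # 8-byte big-endian step count
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept a code from the current step or +/- drift_steps to absorb clock skew."""
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return False
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret_b32, unix_time + delta * STEP)
        # Constant-time compare, no early exit: timing does not reveal which step matched.
        ok |= hmac.compare_digest(candidate, code)
    return ok


# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in base32.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(RFC_SECRET, code, 89))
    print("accepted with no drift window at another time:",
          verify(RFC_SECRET, code, 1111111109, drift_steps=0))
```

If the phone and the verifying server hold different secrets, or their clocks differ by more than the accepted drift, every code is rejected, which is the usual cause of a correctly bound token failing at login.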

Prerequisites

You have the management permissions for the System module.

Procedure

  1. Log in to your bastion host.
  2. Choose System > System Config > Security.
  3. In the Mobile Token Settings area, click Edit.
  4. In the displayed Mobile Token Settings dialog box, select a mobile OTP type.

    You can select Built-in or RADIUS. If you select RADIUS, the parameters are described as follows:
    Table 1 RADIUS mobile OTP parameters

    | Parameter | Description |
    |-----------|-------------|
    | Server | Enter the IP address of the RADIUS server. |
    | Port | Enter the port number of the RADIUS server. |
    | Protocol | The options are PAP and CHAP. |
    | Password | Enter the shared key for RADIUS server authentication. |
    | Timeout | Configure an authentication timeout. The value ranges from 5 to 30, in seconds. A maximum of three authentication attempts are allowed, and each attempt must be within the configured authentication timeout. |

  5. Click OK. You can then check the mobile token settings of the current system user on the Security tab.