
HWTACACS Two-Factor Authentication

In HWTACACS two-factor authentication, the device interworks with an HWTACACS server to authenticate users. Users must enter a dynamic verification code in addition to their user name and static PIN code. The following uses an SSH user as an example to describe the HWTACACS two-factor authentication process.

After a user logs in to the device through HWTACACS two-factor authentication, HWTACACS two-factor authentication is also supported when the user runs the super command to raise the user privilege level.

Figure 1 HWTACACS two-factor authentication
  1. A user enters a user name and PIN code. The client then sends the user name and PIN code to the device.

  2. The device sends the user name and PIN code to the HWTACACS server.

  3. The HWTACACS server verifies the user name and PIN code based on its database and returns the verification result to the device.

    • If the user name and PIN code are incorrect, the HWTACACS server sends an authentication failure message to the device.

    • If both the user name and PIN code are correct, the HWTACACS server sends a Challenge message to the device to request a dynamic verification code.

  4. The device sends the user name and PIN code verification result to the client.

    • If the user name and PIN code are incorrect, the message "Access denied" is displayed on the client. The authentication process ends, and the login attempt of the user fails.

    • If the user name and PIN code are correct, the dynamic verification code authentication process starts.

  5. The user enters the dynamic verification code.

  6. The device sends the dynamic verification code to the HWTACACS server.

  7. The HWTACACS server verifies the dynamic verification code and sends the verification result to the device.

    • If the dynamic verification code is correct, the HWTACACS server sends an authentication success message to the device.

    • If the dynamic verification code is incorrect, the HWTACACS server sends an authentication failure message to the device.

  8. The device sends the authentication result to the client.
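
The eight steps above, modeled as an added example (not Huawei code and not the HWTACACS wire format): a stand-in server and device exchange the results named in the steps, and the server accepts a dynamic verification code only for a session that has already received a Challenge. The session numbers, the one-attempt-per-Challenge rule, the sample user and the use of RFC 6238 TOTP for the dynamic code are assumptions of this example.

```python
import hashlib, hmac, struct

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1); assumed token algorithm, not from the page."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

class Server:
    """Stand-in for the HWTACACS server (steps 3 and 7)."""
    def __init__(self, users, clock):
        self.users, self.clock = users, clock  # users: name -> (PIN, token secret)
        self.challenged = set()                # sessions that passed the PIN stage

    def check_pin(self, session, user, pin):
        if user in self.users and same(pin, self.users[user][0]):
            self.challenged.add((session, user))
            return "Challenge"
        return "authentication failure"

    def check_code(self, session, user, code):
        if (session, user) not in self.challenged:
            return "authentication failure"    # code offered without a Challenge
        self.challenged.discard((session, user))  # one code attempt per Challenge
        ok = same(code, totp(self.users[user][1], self.clock()))
        return "authentication success" if ok else "authentication failure"

def device_login(server, session, user, pin, ask_code):
    """Device side of steps 2-8; returns what is relayed to the client."""
    if server.check_pin(session, user, pin) != "Challenge":
        return "Access denied"                 # step 4, failure branch
    code = ask_code()                          # step 5: user is prompted
    return server.check_code(session, user, code)  # steps 6-8

# Constructed sample data: user, PIN and token secret are made up.
USERS = {"alice": ("4821", b"12345678901234567890")}

if __name__ == "__main__":
    srv = Server(USERS, clock=lambda: 59)
    print(device_login(srv, 1, "alice", "4821", lambda: totp(USERS["alice"][1], 59)))
    print(device_login(srv, 2, "alice", "0000", lambda: "000000"))
```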

Copyright © Huawei Technologies Co., Ltd.