Hi ! On Wed, 9 Aug 2000, Yuri Robbers wrote:
On Wed, 9 Aug 2000, OKDesign oHG Security Webmaster wrote: [ one-time passwords ] Thanks a lot. Even if there is a different and better way, this should do teh trick perfectly. I'll write such a script.
You can try logdaemon (written by Wietse Venema. If you know TCP-Wrapper, that's also his work.): Wietse's ftp area: ftp://ftp.porcupine.org/pub/security/index.html logdaemon README: ftp://ftp.porcupine.org/pub/security/logdaemon-5.8.README logdaemon: ftp://ftp.porcupine.org/pub/security/logdaemon-5.8.tar.gz BTW: Starting with version 4.0 FreeBSD includes this in his login program. It works fine. And it worked before 4.0, too. :) So it should make no trouble on other *nix platforms. There is a second one you can try: http://freshmeat.net/appindex/1999/07/29/933264854.html [...snip...] The S/KEY one-time password system provides authentication over networks that are subject to eavesdropping/replay attacks. This system has several advantages compared with other one-time or multi-use authentication systems. The user's secret password never crosses the network during login, or when executing other commands requiring authentication such as the UNIX passwd or su commands. No secret information is stored anywhere, including the host being protected, and the underlying algorithm may be (and it fact, is) public knowledge. The remote end of this system can run on any locally available computer. The host end could be integrated into any application requiring authentication. [...snip...] If you need more, try a search engine and type in logdaemon or "one time password" and you will get enough answer. ;) BTW: RFC 1760: The S/KEY One-Time Password System. N. Haller. February 1995. RFC 2289: A One-Time Password System. N. Haller, C. Metz, P. Nesser, M. Straw. February 1998. RFC 2444: The One-Time-Password SASL Mechanism. C. Newman. October 1998. If you need the RFCs, take a look at http://bambam.informatik.uni-oldenburg.de/RFC/main.html. mfg andy -- Informationen zum oesterreichischen Usenet http://www.usenet.at/ Verein fuer Internet-BEnutzer Oesterreichs (.AT) http://www.vibe.at/ I am from Austria - but I did not vote for Joerg Haider and the FPOE.