
Hi Dieter, [...]
> I need a one-time-password authentication system which allows me to log in via an untrusted terminal, e.g. via telnet from win-xy. The problem is that I can't disable telnet on my PC since I still need it to log in from my secure network.
Well, why don't you use SSH to connect from an unsecure network and "normal" Telnet when connecting from a secure one? Since ssh also encrypts the in-transit data, it's much better than "just" an otpw!

You could then place a TCP-Wrapper "in front of" the Telnet daemon (note: the SSHD usually runs standalone. It might be started from inetd, but this causes some overhead (time-loss) and might lead to connect problems (I never tried this out!)) and then allow and deny access via Telnet, based on the source IP address. This would allow you to use the "simple" Telnet protocol from the secure network and access the machine via SSH from unsecure networks!

Or, you install the TIS Firewall-Toolkit. We run that @ work (we use the Net-ACL, kind of TCP-Wrapper)! It works great and also comes with a one-time password system! Unfortunately, the TIS FWTK is IMHO no longer supported :-(((
> The very best would be a telnet-like protocol which allows one to choose between giving a normal or a one-time password.
Hmm, why not choose ssh for all access? Or, as mentioned, use both sshd and telnetd and allow / deny access via Telnet either through TCPD or the TIS FWTK Net-ACL!

HTH?
_ralf_
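
The split described in the reply above (Telnet through TCP Wrappers from the trusted network only, SSH from anywhere), written out as an added configuration example that is not part of the original mail. The 192.168.1.0/255.255.255.0 network, the /usr/sbin/tcpd path and the in.telnetd daemon name are assumptions, and the sshd rule only takes effect if sshd was built with TCP Wrappers (libwrap) support.

```conf
# /etc/inetd.conf: start telnetd through tcpd so the access files below apply.
# Path and daemon name are assumptions; they vary between systems.
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd

# /etc/hosts.allow: checked first, the first matching rule grants access.
# 192.168.1.0/255.255.255.0 is a constructed stand-in for the secure network.
in.telnetd: 192.168.1.0/255.255.255.0
sshd: ALL

# /etc/hosts.deny: consulted only when no hosts.allow rule matched.
# Denying everything else keeps Telnet closed to unsecure networks.
ALL: ALL
```

Running `tcpdmatch in.telnetd <client-address>` reports how these rules would treat a given client without opening a connection.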