Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: AW: AW: [suse-security] one-time passwords
  • From: Andreas Kreuzinger <andy@xxxxxxxxxxxxxx>
  • Date: Fri, 11 Aug 2000 16:11:29 +0200 (CEST)
  • Message-id: <Pine.LNX.4.10.10008111550310.22919-100000@xxxxxxxxxxxxxx>
Hi !

On Wed, 9 Aug 2000, Yuri Robbers wrote:

> On Wed, 9 Aug 2000, OKDesign oHG Security Webmaster wrote:
[ one-time passwords ]
> Thanks a lot. Even if there is a different and better way, this should do
> teh trick perfectly. I'll write such a script.

You can try logdaemon (written by Wietse Venema. If you know TCP-Wrapper,
that's also his work.):
Wietse's ftp area:
ftp://ftp.porcupine.org/pub/security/index.html
logdaemon README:
ftp://ftp.porcupine.org/pub/security/logdaemon-5.8.README
logdaemon:
ftp://ftp.porcupine.org/pub/security/logdaemon-5.8.tar.gz

BTW: Starting with version 4.0 FreeBSD includes this in his login program.
It works fine. And it worked before 4.0, too. :)
So it should make no trouble on other *nix platforms.


There is a second one you can try:
http://freshmeat.net/appindex/1999/07/29/933264854.html
[...snip...]
The S/KEY one-time password system provides authentication over networks
that are subject to eavesdropping/replay attacks. This system has several
advantages compared with other one-time or multi-use authentication
systems. The user's secret password never crosses the network during
login, or when executing other commands requiring authentication such as
the UNIX passwd or su commands. No secret information is stored anywhere,
including the host being protected, and the underlying algorithm may be
(and it fact, is) public knowledge. The remote end of this system can run
on any locally available computer. The host end could be integrated into
any application requiring authentication.
[...snip...]

If you need more, try a search engine and type in logdaemon or "one time
password" and you will get enough answer. ;)

BTW:
RFC 1760: The S/KEY One-Time Password System. N. Haller. February 1995.
RFC 2289: A One-Time Password System. N. Haller, C. Metz, P. Nesser, M.
Straw. February 1998.
RFC 2444: The One-Time-Password SASL Mechanism. C. Newman. October 1998.

If you need the RFCs, take a look at
http://bambam.informatik.uni-oldenburg.de/RFC/main.html.

mfg andy
--
Informationen zum oesterreichischen Usenet http://www.usenet.at/
Verein fuer Internet-BEnutzer Oesterreichs (.AT) http://www.vibe.at/

I am from Austria - but I did not vote for Joerg Haider and the FPOE.


< Previous Next >
References