[plug] security qn: auth from Windows clients to Linux server

Jim Householder nofixed at westnet.com.au
Sun Jul 31 10:25:33 WST 2005



>How about one time passwords?  You generate a list of random
>passwords, carry them around printed on paper, and they can only be
>used once each, in order.  There seems to be a PAM module for that,
>libpam-opie on debian.  I've used otp on openbsd where the support is
>pretty good.  I haven't used otp on linux, but some mucking around
>with pam should make it work.
>
>You'd need one list for each machine, since a keystroke logger would
>still be able to grab passwords if you ssh from one remote machine to
>another remote machine.
>
>
Another possibility would be some sort of challenge/response
arrangement, where once you connect, you get a random number or
string, mangle it somehow, and send it back.  That way you would not
have to worry about running out of passwords, or losing the paper.

Jim
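
The challenge/response arrangement described above, as an added example that is not part of the original post. It assumes the "mangle" step is HMAC-SHA256 keyed with a secret shared by client and server, and that challenges expire after 60 seconds; `ChallengeServer`, `respond` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


class ChallengeServer:
    """Issues single-use random challenges and checks HMAC responses."""

    def __init__(self, shared_secret):
        self._secret = shared_secret
        self._pending = {}  # challenge -> expiry time

    def issue(self, now=None):
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)  # 128-bit random string
        self._pending[challenge] = now + CHALLENGE_TTL
        return challenge

    def verify(self, challenge, response, now=None):
        now = time.time() if now is None else now
        # pop() makes each challenge single-use, even after a failed attempt,
        # so a response captured by a keystroke logger cannot be replayed.
        expiry = self._pending.pop(challenge, None)
        if expiry is None or now > expiry:
            return False
        expected = respond(self._secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def respond(shared_secret, challenge):
    """Client side: the 'mangle' step, here HMAC-SHA256 (an assumption)."""
    return hmac.new(shared_secret, challenge.encode(), hashlib.sha256).hexdigest()


def demo():
    secret = b"constructed-demo-secret"  # constructed sample, not a real key
    server = ChallengeServer(secret)
    c1 = server.issue()
    r1 = respond(secret, c1)
    results = {"valid": server.verify(c1, r1)}
    results["replayed"] = server.verify(c1, r1)  # same pair sent again
    c2 = server.issue()
    results["wrong_secret"] = server.verify(c2, respond(b"guess", c2))
    c3 = server.issue(now=0.0)
    results["expired"] = server.verify(c3, respond(secret, c3), now=CHALLENGE_TTL + 1.0)
    return results
```

The response only protects the secret if it is computed somewhere the logger cannot see, such as a separate trusted device.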



