[plug] security qn: auth from Windows clients to Linux server
Jim Householder
nofixed at westnet.com.au
Sun Jul 31 10:25:33 WST 2005
>How about one time passwords? You generate a list of random
>passwords, carry them around printed on paper, and they can only be
>used once each, in order. There seems to be a PAM module for that,
>libpam-opie on debian. I've used otp on openbsd where the support is
>pretty good. I haven't used otp on linux, but some mucking around
>with pam should make it work.
>
>You'd need one list for each machine, since a keystroke logger would
>still be able to grab passwords if you ssh from one remote machine to
>another remote machine.
>
>
Another possibility would be some sort of challenge/response
arrangement, where once you connect, you get a random number or
string, mangle it somehow, and send it back. That way you would not
have to worry about running out of passwords, or losing the paper.
Jim
More information about the plug
mailing list