Hello On Mon, May 7, 2012 at 4:13 PM, Sven-Göran Bergh <[email protected]> wrote: > I think the idea of bringing OTP to busybox is really > great. It would certainly be useful in our projects.
I'm scratching my own itch there :-) It will allow me to run telnetd again on my DSL modem and also use shellinabox from "not-so-friendly" computers. > 2) Would it be possible to leave the 2:nd channel (delivery of the pin) > to a separate user supplied script? In that case it would be simple for > the admin to setup the delivery as desired by eg. a simple shell script, > SMS, HTTP(S), netcat magic, SMTP, etc.? This would be a very simple, > and yet flexible and powerful approach. It is an excellent idea to give flexibility. It should be possible to define which application will be run to present the pin to the user - possibily in the same file where the shared secrets are stored, so that each user can have its own delivery (email for someone, web-sms gateway for someone else, etc.). Example : /etc/otp $USER:$SHAREDSECRET:$DELIVERY $DELIVERY would simply be the path to a script, with say $1 as the pin to deliver and $2 as the user to deliver it to to offer flexibility. The file would be optional (if delivery is not defined, simply display the pin within login by default) - along with a default shared secret, randomly generated at compile-time . At the moment I'm working with Dragonfly DMA, to allow delivery by email (it's a very small SMTPD implementation that would be great in busybox). You may be interested in checking out DMA. Guylhem _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
