On Monday 07 May 2012 21:30:56 Guylhem wrote: > Hello > > On Mon, May 7, 2012 at 4:13 PM, Sven-Göran Bergh > <[email protected]> wrote: > > I think the idea of bringing OTP to busybox is really > > great. It would certainly be useful in our projects. > > I'm scratching my own itch there :-) > > It will allow me to run telnetd again on my DSL modem and also use > shellinabox from "not-so-friendly" computers. > > > 2) Would it be possible to leave the 2:nd channel (delivery of the pin) > > to a separate user supplied script? In that case it would be simple for > > the admin to setup the delivery as desired by eg. a simple shell script, > > SMS, HTTP(S), netcat magic, SMTP, etc.? This would be a very simple, > > and yet flexible and powerful approach. > > It is an excellent idea to give flexibility. > > It should be possible to define which application will be run to > present the pin to the user - possibily in the same file where the > shared secrets are stored, so that each user can have its own delivery > (email for someone, web-sms gateway for someone else, etc.). > > Example : /etc/otp > $USER:$SHAREDSECRET:$DELIVERY
Hi, as plaintext passwords are not widely used nowadays, do you plan to store the shared secret encrypted? > $DELIVERY would simply be the path to a script, with say $1 as the pin > to deliver and $2 as the user to deliver it to to offer flexibility. > > The file would be optional (if delivery is not defined, simply display > the pin within login by default) - along with a default shared secret, > randomly generated at compile-time . > > At the moment I'm working with Dragonfly DMA, to allow delivery by > email (it's a very small SMTPD implementation that would be great in > busybox). You may be interested in checking out DMA. There is sendmail in busybox. > Guylhem Ciao, Tito _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
