begin quoting Tracy R Reed as of Tue, Apr 04, 2006 at 03:17:12PM -0700: > I am hoping someone here with more experience with PAM than I have can > shed some light on these questions: > > Does anyone know if it is possible to use both standard passwords or > one time passwords and have the system accept either one? The goal is to
Yes. If a rule is sufficient, and passes, evaluation ends. > be able to login with my standard password when I know I am at a secure > terminal (my home machine, my work machine) but use a one time password > (carried around in my wallet on a piece of paper) when I am at a > potentially insecure terminal such as in a computer lab or cyber cafe or > when using ANY [EMAIL PROTECTED] Windows machine. A friend of mine recently > had a > major problem because a keylogger had been installed on their system > which has me seriously thinking about this. The thing with one-time passwords is you need a challenge-response system choose the correct one-time password (in theory)... you _ought_ to be able to set up a user-account that prompts for OTP, and another that desires the "normal" password. PAM has caused me more grief than just about any other "improvement" to *NIX I can think of (excepting, perhaps, NIS). And yet, in theory, it's a wonderful idea; the implementation may require some debugging as you strive to set up the rules correctly. -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
