On Wed, Jun 06, 2007 at 12:54:20PM -0700, Henry B. Hotz wrote: > > On Jun 6, 2007, at 12:06 PM, Nicolas Williams wrote: > > >On Wed, Jun 06, 2007 at 11:58:38AM -0700, Henry B. Hotz wrote: > >>The OTP travels over a TBD link to the KDC. The KDC then uses the > >>vendor-provided software to validate the OTP; in other words the > >>vendor is validating that the KDC has a valid OTP. > > > >How is that different than with, say, PAM? How can the OTP server > >know > >whether its client is a telnet server, or something else? How can it > >know that the user is on the client's console, logically or > >physically? > > pam_krb5 *is* the client.
I was thinking of pam_otp.
