I mean something ala S/Key, which is a system where you've got a hash that's known only to you, and that hash is a seed that when entered as an argument along with a number generated by the system (challenge) into an algorithm (forget which one), it produces a four word english phrase (the response). The number eventually degrades down to 0, at which time your hash has to be regenerated.
The PalmKey app I referred to is a small application which takes the hash you enter into it and the number produced by the login system, then generates the four word response. I'm still trying to get it set up on one of my boxes here, I'll try writing a HowTo when I'm done... -- G begin Aaron King quotation: > Now this is something like what I had in mind! When you say "challenge response >generator", do you mean something like SSH? (I'm not familiar with Palm). > > A. > > Geoffrey Herteg wrote: > > > If you're looking for secure file sharing over the Internet, you might want to >consider the Self-certifying File System (SFS, http://www.fs.net/). When combined >with OPIE (one time passwords), it's pretty darn secure, but you do need a challenge >response generator on-hand (like PalmKey for the Palm). > > > > -- G > > > > begin Peter Jay Salzman quotation: > > > dear all, > > > > > > i just configured nfs for the first time from scatch. it was easy. took me > > > under 20 minutes to do. > > > > > > 8 minutes: reading the howto. actually, i simply skimmed paragraphs that > > > looked sorta important. > > > > > > 10 minutes: browsed through the google newsgroups to look for mention of > > > "rpc: connection refused" error. google didn't pan out (but lots of people > > > asked the same question). i found the answer by going back to the howto. > > > > > > the funny thing is that the howto is kind of outdated for what i'm using -- > > > the kernel NFS feature, rather than user space NFS. > > > > > > the kernel space NFS is supposed to be faster, but is also supposed to be > > > harder to debug. here is the outline of the steps: > > > > > > 1. compile the kernel on the server with "kernel nfs server support" > > > include nfs 3 support. > > > 2. compile the kernel on the client with "kernel nfs client support" > > > include nfs 3 support. > > > 3. edit /etc/hosts.allow, /etc/hosts.deny for security here's the deny file: > > > > > > portmap: ALL > > > lockd: ALL > > > mountd: ALL > > > rquotad: ALL > > > statd: ALL > > > > > > and here's the allow file: > > > > > > portmap: lucifer.diablo.net > > > lockd: lucifer.diablo.net > > > rquotad: lucifer.diablo.net > > > mountd: lucifer.diablo.net > > > statd: lucifer.diablo.net > > > > > > 4. make the file /etc/exports. here's mine. i simply mount /home on the > > > remote machine. > > > > > > /home 192.168.0.4(rw) > > > > > > 5. /etc/init.d/nfs start > > > 6. run rpc.mountd, rpc.nfsd and rpc.lockd on the server. (this was teh step > > > i was missig that caused the rpc: connection refused" message. > > > 7. on the client, > > > > > > lucifer# mount satan:/home /home > > > > > > 8. wait a bit > > > > > > and suddenly, i now have my home directory shared between my 2 computers. > > > very cool. my bookmarks, my files; everything is available to me on both > > > computers. no more wondering if i left a particular file on this machine or > > > that machine... > > > > > > i'm behind a pretty strong firewall, so running nfs on my home network > > > doesn't pose much of a threat. although if i'm wrong, someone please speak > > > up! :) > > > > > > if anyone has any tips on optimizing nfs or making it more secure, i'm all > > > ears too. > > > > > > pete > > > > > > -- > > > "You may not use the Software in connection with any site that disparages > > > Microsoft, MSN, MSNBC, Expedia, or their products or services ..." > > > -- Clause from license for FrontPage 2002 > > -- > ====================================================================== > Aaron King, Ph.D. http://two.ucdavis.edu/~aking > Dept. of Environmental Science & Policy mailto:[EMAIL PROTECTED] > University of California Tel: 530/752 3026 > One Shields Avenue, Davis CA 95616 USA Fax: 530/752 3350 > ====================================================================== >
